Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

davical davical vulnerabilities and exploits

(subscribe to this query)
6.8
CVSSv2
CVE-2019-18346
A CSRF issue exists in DAViCal up to and including 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example ...
Davical Davical
3.5
CVSSv2
CVE-2019-18347
A stored XSS issue exists in DAViCal up to and including 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly privileged) user. Affected ...
Davical Davical
4.3
CVSSv2
CVE-2019-18345
A reflected XSS issue exists in DAViCal up to and including 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If th...
Davical DavicalDebian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2020-11729
An issue exists in DAViCal Andrew's Web Libraries (AWL) up to and including 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful.
Davical Andrew\\'s Web LibrariesDebian Debian Linux 9.0Debian Debian Linux 10.0
5
CVSSv2
CVE-2020-11728
An issue exists in DAViCal Andrew's Web Libraries (AWL) up to and including 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session.
Davical Andrew\\'s Web LibrariesDebian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook