Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 up to and including 6.3-7.01 allow remote malicious users to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun java system calendar server 6 |
||
sun java system calendar server 6.3 |
||
sun one calendar server 6.0 |