Published: 01/06/2018 Updated: 03/07/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Data input into EMS Master Calendar prior to 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious malicious users to send a crafted URL for XSS.

Vulnerable Product	Search on Vulmon	Subscribe to Product
emssoftware ems master calendar

# Exploit Title: EMS Master Calendar < 80020180520 - Reflected Cross-Site Scripting # Date: 2018-06-01 # Exploit Author: Chris Barretto # Vendor Homepage: wwwemssoftwarecom/ # Software Link: docsemssoftwarecom/Content/V441_ReleaseNoteshtm # Version: Versions prior to 800201805210 are vulnerable # Tested on: Master Ca ...

EMS Master Calendar versions prior to 80020180520 suffer from a cross site scripting vulnerability ...

CWE-79 https://gist.github.com/barrett092/c70752ca6960b8b9616a03006f291a28 https://docs.emssoftware.com/Content/V44.1_ReleaseNotes.htm https://www.exploit-db.com/exploits/44831/http://www.securityfocus.com/bid/104428 https://nvd.nist.gov https://www.exploit-db.com/exploits/44831/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-11628

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect