CVE-2019-18345

Published: 12/12/2019 Updated: 01/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.3 | Impact Score: 5.8 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A reflected XSS issue exists in DAViCal up to and including 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can, for example, add a new admin user to gain full access to the application.

Vulnerability Trend

Vulnerable Products

davical davical

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #946343 davical: CVE-2019-18345 CVE-2019-18346 CVE-2019-18347. Package: src:davical; Maintainer for src:davical is Davical Development Team <davical-devel@lists.sourceforge.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 7 Dec 2019 15:39:01 UTC; Severity: important; Tags: ...
Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For the oldstable distribution (stretch), these problems have been fixed in version 1.1.5-1+deb9u1. For the stable distribution (buster), these problems have been fixed in version 1.1.8-1+deb10u1. We recommend that you upgrade your davi ...

Exploits

DAViCal CalDAV Server versions 1.1.8 and below suffer from a reflective cross-site scripting vulnerability ...
DAViCal CalDAV Server versions 1.1.8 and below suffer from a cross-site request forgery vulnerability ...
DAViCal CalDAV Server versions 1.1.8 and below suffer from a persistent cross-site scripting vulnerability ...

Mailing Lists

Full Disclosure mailing list archives: CVE-2019-18347 Persistent Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server ...