Published: 04/12/2019 Updated: 14/12/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A CSRF issue exists in DAViCal up to and including 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
davical davical

Debian Bug report logs - #946343 davical: CVE-2019-18345 CVE-2019-18346 CVE-2019-18347 Package: src:davical; Maintainer for src:davical is Davical Development Team <davical-devel@listssourceforgenet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 7 Dec 2019 15:39:01 UTC Severity: important Tags: ...

Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server For the oldstable distribution (stretch), these problems have been fixed in version 115-1+deb9u1 For the stable distribution (buster), these problems have been fixed in version 118-1+deb10u1 We recommend that you upgrade your davi ...

DAViCal CalDAV Server versions 118 and below suffer from a reflective cross site scripting vulnerability ...

DAViCal CalDAV Server versions 118 and below suffer from a cross site request forgery vulnerability ...

DAViCal CalDAV Server versions 118 and below suffer from a persistent cross site scripting vulnerability ...

Full Disclosure mailing list archives   By Date By Thread </form>    CVE-2019-18347 Persistent Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server <!--X-Subject-Header-End-- ...

CWE-352 https://gitlab.com/davical-project/davical/blob/master/ChangeLog https://www.davical.org/https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/http://seclists.org/fulldisclosure/2019/Dec/18 http://seclists.org/fulldisclosure/2019/Dec/17 http://seclists.org/fulldisclosure/2019/Dec/19 http://packetstormsecurity.com/files/155629/DAViCal-CalDAV-Server-1.1.8-Cross-Site-Request-Forgery.html https://lists.debian.org/debian-lts-announce/2019/12/msg00016.html https://www.debian.org/security/2019/dsa-4582 https://seclists.org/bugtraq/2019/Dec/30 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946343 https://nvd.nist.gov https://www.debian.org/security/2019/dsa-4582

CVE-2019-18346

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect