Back to CVE Browser

CVE-2009-1218

MEDIUM

4.3

CVSS Severity Score

EPSS Score0.1950%

EPSS Percentile22.20th

PublishedApr 1, 2009

Last ModifiedApr 23, 2026

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.

Affected Platforms (CPE)

📦

Sun

Java System Calendar Server

= 6

📦

Sun

Java System Calendar Server

= 6.3

📦

Sun

One Calendar Server

= 6.0

📦

Sun

Java System Calendar Server

= 6

📦

Sun

Java System Calendar Server

= 6.3

📦

Sun

One Calendar Server

= 6.0

📦

Sun

Java System Calendar Server

= 6

📦

Sun

Java System Calendar Server

= 6.3

📦

Sun

One Calendar Server

= 6.0

References & Advisories

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020321.1-1

🔗 http://www.coresecurity.com/content/sun-calendar-express

🔗 http://www.securityfocus.com/archive/1/502320/100/0/threaded

🔗 http://www.securityfocus.com/bid/34152

🔗 http://www.securityfocus.com/bid/34153

🔗 http://www.vupen.com/english/advisories/2009/0905

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1

Related Vulnerabilities

CVE-2004-074210.0

Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and mo...

CVE-2008-27497.1

Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access lo...

CVE-2009-12195.0

Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow...

CVE-2009-049210.0

Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerabilit...