返回 CVE 瀏覽器

CVE-2009-1218

MEDIUM

4.3

CVSS Severity Score

EPSS Score0.1950%

EPSS Percentile22.20th

Published2009年4月1日

Last Modified2026年4月23日

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.

Affected Platforms (CPE)

📦

Sun

Java System Calendar Server

= 6

📦

Sun

Java System Calendar Server

= 6.3

📦

Sun

One Calendar Server

= 6.0

📦

Sun

Java System Calendar Server

= 6

📦

Sun

Java System Calendar Server

= 6.3

📦

Sun

One Calendar Server

= 6.0

📦

Sun

Java System Calendar Server

= 6

📦

Sun

Java System Calendar Server

= 6.3

📦

Sun

One Calendar Server

= 6.0

References & Advisories

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020321.1-1

🔗 http://www.coresecurity.com/content/sun-calendar-express

🔗 http://www.securityfocus.com/archive/1/502320/100/0/threaded

🔗 http://www.securityfocus.com/bid/34152

🔗 http://www.securityfocus.com/bid/34153

🔗 http://www.vupen.com/english/advisories/2009/0905

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1

相關漏洞威脅

CVE-2004-074210.0

Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and mo...

CVE-2008-27497.1

Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access lo...

CVE-2009-12195.0

Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow...

CVE-2009-093910.0

Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec confor...