Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104428 | Third Party Advisory VDB Entry |
https://docs.emssoftware.com/Content/V44.1_ReleaseNotes.htm | Release Notes |
https://gist.github.com/barrett092/c70752ca6960b8b9616a03006f291a28 | Third Party Advisory |
https://www.exploit-db.com/exploits/44831/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2018-06-01 15:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-11628
Mitre link : CVE-2018-11628
CVE.ORG link : CVE-2018-11628
JSON object : View
Products Affected
emssoftware
- ems_master_calendar
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')