CVE-2018-11628

Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.
Configurations

Configuration 1 (hide)

cpe:2.3:a:emssoftware:ems_master_calendar:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-01 15:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-11628

Mitre link : CVE-2018-11628

CVE.ORG link : CVE-2018-11628


JSON object : View

Products Affected

emssoftware

  • ems_master_calendar
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')