PT-2017-18688 · Calendarxp · Calendarxp Flatcalendarxp+1
Published: 2017-05-18 · Updated: 2018-01-18 · CVE-2017-9072
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
CalendarXP FlatCalendarXP versions 9.9.290 and earlier
CalendarXP PopCalendarXP versions 9.8.308 and earlier
Description
The issue is cross-site scripting (XSS) in HTML files that are common to CalendarXP products. In CalendarXP FlatCalendarXP, the affected files are iflateng.htm and nflateng.htm. In CalendarXP PopCalendarXP, the affected files are ipopeng.htm and npopeng.htm.
Recommendations
For CalendarXP FlatCalendarXP versions 9.9.290 and earlier, consider restricting access to the iflateng.htm and nflateng.htm files until a fix is available.
For CalendarXP PopCalendarXP versions 9.8.308 and earlier, restrict access to the ipopeng.htm and npopeng.htm files as a temporary mitigation measure.
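Restricting access starts with knowing where the affected files are deployed. The following added example (not part of the original advisory or of CalendarXP) walks a web root and lists every copy of the four files named above; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile

# File names come from the advisory; the product mapping follows its description.
AFFECTED = {
    "iflateng.htm": "FlatCalendarXP",
    "nflateng.htm": "FlatCalendarXP",
    "ipopeng.htm": "PopCalendarXP",
    "npopeng.htm": "PopCalendarXP",
}


def find_affected_files(webroot):
    """Return sorted (relative_path, product) pairs for affected files under webroot.

    Matching is case-insensitive so copies stored with different casing
    are not missed.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(webroot):
        for name in filenames:
            product = AFFECTED.get(name.lower())
            if product:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, webroot).replace(os.sep, "/")
                hits.append((rel, product))
    return sorted(hits)


def build_sample_webroot(root):
    """Create a constructed directory layout for the demo (not real site data)."""
    layout = [
        "calendar/iflateng.htm",
        "calendar/nflateng.htm",
        "legacy/popcal/IPopEng.htm",
        "legacy/popcal/readme.txt",
        "index.html",
    ]
    for rel in layout:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<html></html>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for rel, product in find_affected_files(tmp):
            print(f"{product}: /{rel}")
```

Each reported path is a candidate for an access rule on the web server or reverse proxy in front of it.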
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Calendarxp Flatcalendarxp
Calendarxp Popcalendarxp