PT-2014-7885 · Springshare · Libical
Published
2014-12-01
·
Updated
2017-09-08
·
CVE-2014-7291
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Springshare LibCal version 2.0
Description
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the
m or cid parameters in the "api events.php" file.Recommendations
For Springshare LibCal version 2.0, avoid using the
m and cid parameters in the "api events.php" file until a patch is available. As a temporary workaround, consider restricting access to the "api events.php" file to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libical