PT-2017-18688 · Calendarxp · Calendarxp Flatcalendarxp+1
Published: 2017-05-18 · Updated: 2018-01-18
CVE-2017-9072
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
CalendarXP FlatCalendarXP versions 9.9.290 and earlier
CalendarXP PopCalendarXP versions 9.8.308 and earlier
Description
The issue is a cross-site scripting (XSS) vulnerability in the common parts of HTML files in CalendarXP products. For CalendarXP FlatCalendarXP, the affected files are iflateng.htm and nflateng.htm. For CalendarXP PopCalendarXP, the affected files are ipopeng.htm and npopeng.htm.
Recommendations
For CalendarXP FlatCalendarXP versions 9.9.290 and earlier, consider restricting access to the iflateng.htm and nflateng.htm files until a fix is available.
For CalendarXP PopCalendarXP versions 9.8.308 and earlier, restrict access to the ipopeng.htm and npopeng.htm files as a temporary mitigation measure.
Fix
XSS
Affected Products
Calendarxp Flatcalendarxp
Calendarxp Popcalendarxp