CVE-2025-0930

Name of the Vulnerable Software and Affected Versions TeamCal Neo version 3.8.2

Description The issue is a Reflected Cross-Site Scripting (XSS) that allows an attacker to execute malicious JavaScript code. This is achieved by injecting code via the abs parameter in the "/teamcal/src/index.php" API endpoint.

Recommendations For TeamCal Neo version 3.8.2, avoid using the abs parameter in the "/teamcal/src/index.php" endpoint until a fix is available. Consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.