Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DAViCal 跨站脚本漏洞
Vulnerability Description
DAViCal是一款日历共享服务器,是CalDAV协议的实现。 DAViCal 1.1.8及之前版本中存在跨站脚本漏洞,该漏洞源于程序回显‘action’参数而不进行编码。攻击者可通过诱使用户点击特制链接利用该漏洞获得用户的权限并执行操作。
CVSS Information
N/A
Vulnerability Type
N/A