CVE-2009-1218

Sun Java System Calendar Server 6 - 'command.shtml' Cross-Site Scripting

  • Severity Score: 4.3 (CVSS v2)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 2 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2009-03-31 First Exploit
  • 2009-04-01 CVE Reserved
  • 2009-04-01 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|--------|---------|---------|-------|--------|
| Sun | Java System Calendar Server | 6 | sparc | Affected |
| Sun | Java System Calendar Server | 6.3 | sparc | Affected |
| Sun | One Calendar Server | 6.0 | sparc | Affected |
| Sun | Java System Calendar Server | 6 | x86 | Affected |
| Sun | Java System Calendar Server | 6.3 | x86 | Affected |
| Sun | One Calendar Server | 6.0 | x86 | Affected |
| Sun | Java System Calendar Server | 6 | linux | Affected |
| Sun | Java System Calendar Server | 6.3 | linux | Affected |
| Sun | One Calendar Server | 6.0 | linux | Affected |