CVE-2004-1506

Published: Dec 31, 2004Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags.

Affected (30)

Products: Webcalendar: Webcalendar

Webcalendar

1 product

Webcalendar

Configuration A

30 vulnerable

Vulnerable Software	Affected Versions
Webcalendar Webcalendar	Version 0.9.11
Webcalendar Webcalendar	Version 0.9.15
Webcalendar Webcalendar	Version 0.9.16
Webcalendar Webcalendar	Version 0.9.19
Webcalendar Webcalendar	Version 0.9.20
Webcalendar Webcalendar	Version 0.9.21
Webcalendar Webcalendar	Version 0.9.22
Webcalendar Webcalendar	Version 0.9.23
Webcalendar Webcalendar	Version 0.9.24
Webcalendar Webcalendar	Version 0.9.25
Webcalendar Webcalendar	Version 0.9.26
Webcalendar Webcalendar	Version 0.9.27
Webcalendar Webcalendar	Version 0.9.28
Webcalendar Webcalendar	Version 0.9.29
Webcalendar Webcalendar	Version 0.9.30
Webcalendar Webcalendar	Version 0.9.31
Webcalendar Webcalendar	Version 0.9.32
Webcalendar Webcalendar	Version 0.9.33
Webcalendar Webcalendar	Version 0.9.34
Webcalendar Webcalendar	Version 0.9.35
Webcalendar Webcalendar	Version 0.9.36
Webcalendar Webcalendar	Version 0.9.37
Webcalendar Webcalendar	Version 0.9.38
Webcalendar Webcalendar	Version 0.9.39
Webcalendar Webcalendar	Version 0.9.40
Webcalendar Webcalendar	Version 0.9.41
Webcalendar Webcalendar	Version 0.9.42
Webcalendar Webcalendar	Version 0.9.43
Webcalendar Webcalendar	Version 0.9.44
Webcalendar Webcalendar	Version 0.9.8