CVE-2019-18345

Priority
Description
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes
the action parameter without encoding. If a user visits an
attacker-supplied link, the attacker can view all data the attacked user
can view, as well as perform all actions in the name of the user. If the
user is an administrator, the attacker can, for example, add a new admin user
to gain full access to the application.
Package
Upstream: released (1.1.9.2-1)
Ubuntu 18.04 LTS: needed
Ubuntu 20.04 LTS: not-affected (1.1.9.2-1)
Ubuntu 21.10: not-affected (1.1.9.2-1)
Ubuntu 22.04 LTS: not-affected (1.1.9.2-1)
Ubuntu 14.04 ESM: DNE

Updated: 2022-04-25 00:38:03 UTC (commit ecc1009cb19540b950de59270950018900f37f15)