CVE-2019-18347 in Ubuntu

CVE-2019-18347

Priority

Description

A stored XSS issue was discovered in DAViCal through 1.1.8. It does not
adequately sanitize output of various fields that can be set by
unprivileged users, making it possible for JavaScript stored in those
fields to be executed by another (possibly privileged) user. Affected
database fields include Username, Display Name, and Email.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18347
https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/
https://gitlab.com/davical-project/davical/blob/master/ChangeLog
https://www.davical.org/

Notes

Package

Source: davical (LP Ubuntu Debian)

Upstream:	released (1.1.9.2-1)
Ubuntu 18.04 LTS:	needed
Ubuntu 20.04 LTS:	not-affected (1.1.9.2-1)
Ubuntu 21.10:	not-affected (1.1.9.2-1)
Ubuntu 22.04 LTS:	not-affected (1.1.9.2-1)
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-25 00:38:03 UTC (commit ecc1009cb19540b950de59270950018900f37f15)