VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-1506

CVE-2004-1506

Description

Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags.

Affected products

30
  • Webcalendar/Webcalendar30 versions
    cpe:2.3:a:webcalendar:webcalendar:0.9.11:*:*:*:*:*:*:*+ 29 more
    • cpe:2.3:a:webcalendar:webcalendar:0.9.11:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.15:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.16:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.19:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.20:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.21:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.22:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.23:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.24:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.25:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.26:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.27:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.28:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.29:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.30:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.31:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.32:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.33:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.34:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.35:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.36:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.37:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.38:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.39:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.40:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.41:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.42:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.43:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.44:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.8:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.