Unrated severityNVD Advisory· Published Apr 1, 2009· Updated Jun 16, 2026
CVE-2009-1218
CVE-2009-1218
Description
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:sun:java_system_calendar_server:6.3:-:linux:*:*:*:*:*+ 8 more
- cpe:2.3:a:sun:java_system_calendar_server:6.3:-:linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_calendar_server:6.3:-:sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_calendar_server:6.3:-:x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_calendar_server:6:-:linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_calendar_server:6:-:sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_calendar_server:6:-:x86:*:*:*:*:*
- cpe:2.3:a:sun:one_calendar_server:6.0:-:linux:*:*:*:*:*
- cpe:2.3:a:sun:one_calendar_server:6.0:-:sparc:*:*:*:*:*
- cpe:2.3:a:sun:one_calendar_server:6.0:-:x86:*:*:*:*:*
- Range: <=6.3-7.01
Patches
Vulnerability mechanics
References
7- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- www.coresecurity.com/content/sun-calendar-expressnvdExploit
- sunsolve.sun.com/search/document.donvd
- www.securityfocus.com/archive/1/502320/100/0/threadednvd
- www.securityfocus.com/bid/34152nvd
- www.securityfocus.com/bid/34153nvd
- www.vupen.com/english/advisories/2009/0905nvd
News mentions
0No linked articles in our index yet.