Unrated severityNVD Advisory· Published Apr 1, 2009· Updated Apr 23, 2026
CVE-2009-1218
CVE-2009-1218
Description
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
Affected products
9cpe:2.3:a:sun:one_calendar_server:6.0:-:linux:*:*:*:*:*+ 2 more
- cpe:2.3:a:sun:one_calendar_server:6.0:-:linux:*:*:*:*:*
- cpe:2.3:a:sun:one_calendar_server:6.0:-:sparc:*:*:*:*:*
- cpe:2.3:a:sun:one_calendar_server:6.0:-:x86:*:*:*:*:*
cpe:2.3:a:sun:java_system_calendar_server:6:-:sparc:*:*:*:*:*+ 5 more
- cpe:2.3:a:sun:java_system_calendar_server:6:-:sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_calendar_server:6.3:-:sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_calendar_server:6:-:x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_calendar_server:6.3:-:x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_calendar_server:6:-:linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_calendar_server:6.3:-:linux:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- www.coresecurity.com/content/sun-calendar-expressnvdExploit
- sunsolve.sun.com/search/document.donvd
- www.securityfocus.com/archive/1/502320/100/0/threadednvd
- www.securityfocus.com/bid/34152nvd
- www.securityfocus.com/bid/34153nvd
- www.vupen.com/english/advisories/2009/0905nvd
News mentions
0No linked articles in our index yet.