Medium severity6.1NVD Advisory· Published May 18, 2017· Updated May 13, 2026

CVE-2017-9072

Description

Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm.

Affected products

Calendarxp/Flatcalendarxp
cpe:2.3:a:calendarxp:flatcalendarxp:*:*:*:*:*:*:*:*
Range: <=9.9.290
Calendarxp/Popcalendarxp
cpe:2.3:a:calendarxp:popcalendarxp:*:*:*:*:*:*:*:*
Range: <=9.8.308

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/victorwon/calendarxp/issues/2nvdThird Party Advisory
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlnvd
www.securityfocus.com/bid/102632nvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000