Medium severity5.4NVD Advisory· Published Dec 4, 2019· Updated Jun 17, 2026
CVE-2019-18347
CVE-2019-18347
Description
A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly privileged) user. Affected database fields include Username, Display Name, and Email.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- DAViCal/DAViCaldescription
Patches
Vulnerability mechanics
References
10- hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/nvdExploitThird Party Advisory
- packetstormsecurity.com/files/155628/DAViCal-CalDAV-Server-1.1.8-Persistent-Cross-Site-Scripting.htmlnvdThird Party Advisory
- seclists.org/fulldisclosure/2019/Dec/17nvdThird Party Advisory
- seclists.org/fulldisclosure/2019/Dec/18nvdThird Party Advisory
- seclists.org/fulldisclosure/2019/Dec/19nvdThird Party Advisory
- gitlab.com/davical-project/davical/blob/master/ChangeLognvdRelease NotesThird Party Advisory
- www.davical.orgnvdProduct
- lists.debian.org/debian-lts-announce/2019/12/msg00016.htmlnvd
- seclists.org/bugtraq/2019/Dec/30nvd
- www.debian.org/security/2019/dsa-4582nvd
News mentions
0No linked articles in our index yet.