Arbitrary Script Execution via Cross-Site Scripting in LuxCal Web Calendar

Arbitrary Script Execution via Cross-Site Scripting in LuxCal Web Calendar

CVE-2023-47175 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.