CVE-2024-1097

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 15, 2024
CWE ID 15

Summary

CVE-2024-1097 is a stored cross-site scripting (XSS) vulnerability affecting version 1.3.0 of craigk5n's webcalendar. This issue resides in the 'Report Name' field during report creation. An attacker can exploit this weakness by injecting malicious scripts, which are subsequently executed in other users' browsers. The consequences of this vulnerability could include the theft of user accounts and cookies, posing a significant security risk to all calendar users.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • PostgreSQL

Affected Vendors

  • PostgreSQL Global Development Group