vulnerability

Debian: CVE-2019-18347: davical -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Dec 4, 2019	Dec 16, 2019	Aug 15, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Dec 4, 2019

Added

Dec 16, 2019

Modified

Aug 15, 2025

Description

A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly privileged) user. Affected database fields include Username, Display Name, and Email.

Solution

debian-upgrade-davical

References

CVE-2019-18347
https://attackerkb.com/topics/CVE-2019-18347
CWE-79
DEBIAN-DLA-2034-1
DEBIAN-DSA-4582
DEBIAN-DSA-4582-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today