CVE-2023-39543

Summary

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.

Affected Software

VendorProductVersion RangeStatus
LuxSoftLuxCal Web Calendarprior to 5.2.3M (MySQL version)affected
LuxSoftLuxCal Web Calendarprior to 5.2.3L (SQLite version)affected

Weaknesses

  • Cross-site scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References