Vulnerability Description
Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yoshinori Tahara | Mycaljp | 2.0.0 |
| Geeklog | Geeklog | 1.5.0 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN20478978/index.html
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000055.html
- http://secunia.com/advisories/36404Vendor Advisory
- http://secunia.com/advisories/36413Vendor Advisory
- http://www.geeklog.jp/article.php/20090820020302431
- http://jvn.jp/en/jp/JVN20478978/index.html
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000055.html
- http://secunia.com/advisories/36404Vendor Advisory
- http://secunia.com/advisories/36413Vendor Advisory
- http://www.geeklog.jp/article.php/20090820020302431
FAQ
What is CVE-2009-3021?
CVE-2009-3021 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or...
How severe is CVE-2009-3021?
CVE-2009-3021 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3021?
Check the references section above for vendor advisories and patch information. Affected products include: Yoshinori Tahara Mycaljp, Geeklog Geeklog.