Vulnerability Description
Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Luxsoft | Luxcal Web Calendar | < 5.2.4l |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN15005948/Third Party Advisory
- https://www.luxsoft.eu/Product
- https://www.luxsoft.eu/?downloadRelease Notes
- https://www.luxsoft.eu/lcforum/viewtopic.php?id=476Issue Tracking
- https://jvn.jp/en/jp/JVN15005948/Third Party Advisory
- https://www.luxsoft.eu/Product
- https://www.luxsoft.eu/?downloadRelease Notes
- https://www.luxsoft.eu/lcforum/viewtopic.php?id=476Issue Tracking
FAQ
What is CVE-2023-47175?
CVE-2023-47175 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute a...
How severe is CVE-2023-47175?
CVE-2023-47175 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-47175?
Check the references section above for vendor advisories and patch information. Affected products include: Luxsoft Luxcal Web Calendar.