CVE-2010-0349

EUVD-2010-0380
Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.  NOTE: this issue could not be reproduced by the vendor, but a patch was provided anyway. The original researcher is reliable.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
c-3.co.jpwebcalenderc3
𝑥
≤ 0.32
c-3.co.jpwebcalenderc3
0.31
c-3.co.jpwebcalenderc3
0.31:s2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN33977065/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000002.html
http://secunia.com/advisories/38135
http://webcal.c-3.jp/zeijakusei.html
http://www.osvdb.org/61629
http://jvn.jp/en/jp/JVN33977065/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000002.html
http://secunia.com/advisories/38135
http://webcal.c-3.jp/zeijakusei.html
http://www.osvdb.org/61629