XSS and directory traversal issues were fixed in WebCalendar 1.2.8: CVE-2017-10840: * Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. CVE-2017-10841: * Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. References: https://jvn.jp/en/jp/JVN23340457/index.html https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8 https://github.com/craigk5n/webcalendar/commit/9e5b06f4d1c55ff4faa6da5df5254511df7a586a
Created WebCalendar tracking bugs for this issue: Affects: fedora-all [bug 1486209]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.