CVE-2009-1218

Name: CVE-2009-1218
Creator: NVD / NIST
Published: 2009-04-01T18:30:00.563+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.36%

Last modified Jun 16, 2026

CVE-2009-1218 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.. EPSS estimates a 4.36% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.

Metrics

EPSS Probability

4.36%

90.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Sun	Java System Calendar Server	6
Sun	Java System Calendar Server	6.3
Sun	One Calendar Server	6.0

References

Timeline

Published: Apr 1, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-1218?

How severe is CVE-2009-1218?

Severity scoring for CVE-2009-1218 is pending analysis. The EPSS model estimates a 4.36% probability of exploitation in the next 30 days.

How do I fix CVE-2009-1218?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-1218?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST