CVE-2025-0930 Information

Description

Reflected Cross-Site Scripting (XSS) in TeamCal Neo version 3.8.2. This allows an attacker to execute malicious JavaScript code after injecting code via the ‘abs’ parameter in ‘/teamcal/src/index.php’.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-teamcal-neo