{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1686?format=json","vulnerability_id":"VCID-8ggr-4w7g-skan","summary":"The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.*","aliases":[{"alias":"CVE-2019-11701"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1690?format=json","purl":"pkg:alpm/archlinux/firefox@67.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@67.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/94532?format=json","purl":"pkg:deb/debian/firefox@67.0-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@67.0-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1689?format=json","purl":"pkg:alpm/archlinux/firefox@66.0.5-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cgm-9y8c-cufx"},{"vulnerability":"VCID-2m6k-ur1p-xkdp"},{"vulnerability":"VCID-2ysc-4sp5-w7bg"},{"vulnerability":"VCID-3pd2-cent-rug4"},{"vulnerability":"VCID-3scc-qaat-6fcu"},{"vulnerability":"VCID-8ggr-4w7g-skan"},{"vulnerability":"VCID-dace-wnut-j7g5"},{"vulnerability":"VCID-kvzw-8f7a-t3b6"},{"vulnerability":"VCID-mamz-qn64-67dy"},{"vulnerability":"VCID-msbq-11je-jqg5"},{"vulnerability":"VCID-q7gq-5cb3-9khq"},{"vulnerability":"VCID-qv17-4yg6-yqhf"},{"vulnerability":"VCID-rumu-a3np-f3fc"},{"vulnerability":"VCID-x9zb-76d2-b3au"},{"vulnerability":"VCID-yhen-6hyd-3ug8"},{"vulnerability":"VCID-z1qg-tbqw-pbd4"},{"vulnerability":"VCID-znh5-2s68-skb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0.5-1"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11701","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46498","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11701"},{"reference_url":"https://security.archlinux.org/ASA-201905-9","reference_id":"ASA-201905-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-9"},{"reference_url":"https://security.archlinux.org/AVG-966","reference_id":"AVG-966","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-966"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13","reference_id":"mfsa2019-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":"0.5","weighted_severity":"9.0","risk_score":4.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ggr-4w7g-skan"}