Published: 30/03/2006 Updated: 20/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 455

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mh software connect daily
mh software connect daily 3.2.8

source: wwwsecurityfocuscom/bid/17287/info Connect Daily is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the cont ...

source: wwwsecurityfocuscom/bid/17287/info Connect Daily is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the ...

source: wwwsecurityfocuscom/bid/17287/info Connect Daily is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the co ...

source: wwwsecurityfocuscom/bid/17287/info Connect Daily is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in ...

source: wwwsecurityfocuscom/bid/17287/info Connect Daily is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in th ...

NVD-CWE-Other http://www.securityfocus.com/bid/17287 http://secunia.com/advisories/19434 http://www.osvdb.org/24181 http://www.osvdb.org/24182 http://www.osvdb.org/24183 http://www.osvdb.org/24184 http://www.osvdb.org/24185 http://pridels0.blogspot.com/2006/03/connect-daily-multiple-xss-vuln.html http://www.vupen.com/english/advisories/2006/1125 https://exchange.xforce.ibmcloud.com/vulnerabilities/25474 https://nvd.nist.gov https://www.exploit-db.com/exploits/27502/

CVE-2006-1508

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect