Published: 01/02/2008 Updated: 15/11/2008

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 220

Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote malicious users to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.

Vulnerable Product	Search on Vulmon	Subscribe to Product
webcalendar webcalendar 1.1.6

source: wwwsecurityfocuscom/bid/27461/info WebCalendar is prone to multiple HTML-injection and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content Attacker-supplied HTML and script code would run in the context of the affected site, ...

source: wwwsecurityfocuscom/bid/27461/info WebCalendar is prone to multiple HTML-injection and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content Attacker-supplied HTML and script code would run in the context of the affected site ...

CWE-79 http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html http://www.securityfocus.com/bid/27461 http://osvdb.org/41275 http://osvdb.org/41276 http://osvdb.org/41274 https://nvd.nist.gov https://www.exploit-db.com/exploits/31063/

CVE-2007-6696

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect