Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and previous versions, for Joomla! allow remote malicious users to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
codepeople com_multicalendar 4.0.2 |
||
codepeople com_multicalendar |