phpicalendar -- cross site scripting vulnerability

2005-10-25T00:00:00
ID 12F9D9E9-9E1E-11DA-B410-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2005-10-25T00:00:00

Description

Francesco Ongaro reports that phpicalendar is vulnerable for a cross site scripting attack. The vulnerability is caused by improper validation of the index.php file allowing attackers to include an arbitrary file with the .php extension