CalendarScript calendar.pl Multiple Variable XSS

2005-04-12T01:33:39
ID OSVDB:15547
Type osvdb
Reporter sNKenjoi(snkenjoi@gmail.com)
Modified 2005-04-12T01:33:39

Description

Vulnerability Description

CalendarScript was reported to contain a flaw that allows a remote cross-site scripting (XSS) attack. Original reports indicated that the calendar.pl script was prone to XSS attacks via the 'template' or 'username' variables. Subsequent reports from the vulnerability researcher and the vendor indicate that these findings were incorrect and that no such attack can be carried out.

Solution Description

The reported vulnerability is incorrect. No solution is required.

References:

Vendor URL: http://www.calendarscript.com/
Security Tracker: 1013705
Related OSVDB ID: 15546
Other Advisory URL: http://www.snkenjoi.com/secadv/secadv3.txt
ISS X-Force ID: 20103
CVE-2005-1145
CVE-2005-1146