2 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2007-6274
CVE-2007-6274 describes multiple cross-site scripting (XSS) vulnerabilities in the Event Calendar module ec al/display.php for the product family/bcoos, affecting versions 1.0.10 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML by manipulating the (1) day or (2...