3 matches found
CVE-2013-5953
Multiple cross-site scripting XSS vulnerabilities in tmpl/layouteditevent.php in the Multi Calendar commulticalendar component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 calid or 2 paletteDefault parameter in an...
CVE-2013-5953
CVE-2013-5953 affects the Joomla! Multi Calendar component (com_multicalendar) 4.0.2 and possibly earlier versions (e.g., 4.8.5), with multiple XSS vulnerabilities in tmpl/layout_editevent.php. The root cause is inadequate sanitization of GET parameters calid and paletteDefault when task editeven...
Joomla! Multi Calendar组件跨站脚本漏洞
CVE ID:CVE-2013-5953 Joomla!是一款内容管理系统。 由于通过"calid"和"paletteDefault" GET参数传递到index.php 当"option"设置为"commulticalendar"和"task"设置为"editevent"的输入在返回用户前没有正确过滤,攻击者可以利用漏洞在受影响站点上下文的用户浏览器会话中执行任意HTML和脚本代码。 0 Multi Calendar 4.x component for Joomla 目前没有详细解决方案提供: http://www.joomla.org...