6 matches found
WebCalendar 1.1.6 pref.php Query String XSS
No description provided by source. source: http://www.securityfocus.com/bid/27461/info WebCalendar is prone to multiple HTML-injection and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content...
WebCalendar 1.1.6 search.php adv Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27461/info WebCalendar is prone to multiple HTML-injection and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content...
CVE-2007-6696
Multiple cross-site scripting XSS vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via 1 an event description, 2 the query string to pref.php, and 3 the adv parameter to search.php. NOTE: vector 1 requires user authentication...
CVE-2007-6696
Multiple cross-site scripting XSS vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via 1 an event description, 2 the query string to pref.php, and 3 the adv parameter to search.php. NOTE: vector 1 requires user authentication...
WebCalendar 1.1.6 - 'search.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27461/info WebCalendar is prone to multiple HTML-injection and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
WebCalendar 1.1.6 - 'pref.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27461/info WebCalendar is prone to multiple HTML-injection and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...