2 matches found
CVE-2010-4880
CVE-2010-4880 : Multiple XSS flaws in calendar.class.php of ApPHP Calendar (ApPHP CAL) allow remote injection of scripts via category_name, category_description, event_name, or event_description parameters. The connected documents confirm the vulnerable component and vectors but do not provide ve...
CVE-2010-4881
Affected product : ApPHP Calendar (ApPHP CAL), specifically the calendar.class.php component. Vulnerability : Multiple cross-site request forgery (CSRF) weaknesses that allow remote attackers to hijack an authenticated user’s session for requests using one of four parameters: category_name, categ...