Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php, font parameter to (3) calDaily.php, (4) calMonthly.php, (5) calMonthlyP.php, (6) calWeekly.php, (7) calWeeklyP.php, (8) calYearly.php, (9) calYearlyP.php, (10) day.php, or (11) week.php, or (12) CeTi, (13) Contact, (14) Description, (15) ShowAddress parameter to event.php, and other attack vectors.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=112605610624004&w=2 | |
http://rgod.altervista.org/phpccal.html | Exploit Vendor Advisory |
http://secunia.com/advisories/16721/ | Vendor Advisory |
http://www.securityfocus.com/bid/14767 | Exploit |
https://exchange.xforce.ibmcloud.com/vulnerabilities/22176 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2005-09-14 20:03
Updated : 2024-02-04 16:52
NVD link : CVE-2005-2882
Mitre link : CVE-2005-2882
CVE.ORG link : CVE-2005-2882
JSON object : View
Products Affected
phpcommunitycalendar
- phpcommunitycalendar
CWE