|
|
CVE Reference: CVE-2006-0657 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-0657 |
|
|
Description: Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/24523 SREASON http://securityreason.com/securityalert/442 SAID Secunia Advisory: SA18792 OSVDB 23071 23072 MISC http://evuln.com/vulns/63/summary.html BID 16588 |
|
| Return to the previous page. |
