|
|
CVE Reference: CVE-2006-6824 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-6824 |
|
|
Description: Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: it was later reported that vectors b, c, and d also affect 2.24. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/31146 ST 1017449 SAID Secunia Advisory: SA23499 OSVDB 32493 32494 32495 32496 32497 32498 32499 32500 MISC http://lostmon.blogspot.com/2006/12/php-icalendar-multiple-variable-cross.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/485397/100/200/threaded BID 21792 |
|
| Return to the previous page. |
