Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: Event Calendar PHP "cal_year" Cross-Site Scripting Vulnerability
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Vulnerabilities
See the original Secunia advisory:
Event Calendar PHP "cal_year" Cross-Site Scripting Vulnerability
| Secunia | Event Calendar PHP "cal_year" Cross-Site Scripting Vulnerability |
|---|---|
 |
21st Apr, 2012 08:32 |
|
Ranking: 0 Posts: 0 User Since: - System Score: - Location: Copenhagen, DK |
A vulnerability has been reported in Event Calendar PHP, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "cal_year" parameter to certain scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions downloaded prior to 2012-03-27. |
| nevenov | RE: Event Calendar PHP "cal_year" Cross-Site Scripting Vulnerability | ||||||||
|
21st Apr, 2012 08:32 | ||||||||
| Score: 0 Posts: 1 User Since: 21st Apr 2012 System Score: N/A Location: BG Last edited on 21st Apr, 2012 08:32 |
This Cross-Site Scripting Vulnerability is already fixed on Event Calendar PHP. Regards, Stoian Nedev Event Calendar PHP creator |
||||||||
|
|||||||||
