WebCalendar Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

This host is running WebCalendar and is prone to multiple cross site scripting vulnerabilities.

Impact

Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Upgrade to WebCalendar versions 1.2.4 or later, For updates refer to http://www.k5n.us/webcalendar.php

Insight

The flaws are caused by improper validation of user-supplied input in various scripts, which allows attackers to execute arbitrary HTML and script code on the web server.

Affected

WebCalendar versions 1.2.3 and prior.

References

http://packetstormsecurity.org/files/view/102785/SSCHADV2011-008.txt

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Rave User Information Disclosure Vulnerability
AdaptCMS 'init.php' Remote File Include Vulnerability
Apache Open For Business HTML injection vulnerability
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities

Take action and discover your vulnerabilities