Summary
This host is running WebCalendar and is prone to multiple cross site scripting vulnerabilities.
Impact
Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Upgrade to WebCalendar versions 1.2.4 or later,
For updates refer to http://www.k5n.us/webcalendar.php
Insight
The flaws are caused by improper validation of user-supplied input in various scripts, which allows attackers to execute arbitrary HTML and script code on the web server.
Affected
WebCalendar versions 1.2.3 and prior.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Rave User Information Disclosure Vulnerability
- AdaptCMS 'init.php' Remote File Include Vulnerability
- Apache Open For Business HTML injection vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities