Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.5
CVE Id: CVE-2006-0657
Last Modified: 07 Mar 2011 09:30:30
Published: 13 Feb 2006 06:06:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2006-0657

Summary

Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS.

Vulnerable Systems

Application

  • Softcomplex PHP Event Calendar 1.5


References

VUPEN - ADV-2006-0507

SECUNIA - 18792

MISC - http://evuln.com/vulns/63/summary.html

XF - phpeventcalendar-users-xss(24523)

BID - 16588

OSVDB - 23072

OSVDB - 23071

SREASON - 442


Last Updated: 27 May 2016 10:41:45