Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1336

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-1336
Last Modified 07 Mar 2011 09:32:50
Published 20 Mar 2006 09:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1336

Summary

Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 and possibly other versions before 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) year, (2) month, (3) next, and (4) prev parameters.

Vulnerable Systems

Application

  • Extcalendar 1.0


References

VUPEN - ADV-2006-1012

BID - 17146

BUGTRAQ - 20060319 ExtCalendar v1.0 Multiple Xss Vuln

XF - extcalendar-calendar-xss(25350)

OSVDB - 23969

SREASON - 601

SECUNIA - 19321


Last Updated: 27 May 2016 10:42:02