Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2798

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2006-2798
Last Modified 05 Sep 2008 05:05:28
Published 02 Jun 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2798

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php.

Vulnerable Systems

Application

  • Phpcommunitycalendar 4.0.3


References

XF - phpcommunitycalendar-multiple-sql-injection(26648)

MILW0RM - 1818

XF - phpcommunitycalendar-week-month-event-xss(26647)

OSVDB - 31693

OSVDB - 31692

OSVDB - 31691


Last Updated: 27 May 2016 10:42:46