Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7018

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-7018
Last Modified 21 Aug 2009 12:00:00
Published 21 Aug 2009 10:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-7018

Summary

Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php.

Vulnerable Systems

Application

  • Nashtech Easy Php Calendar 6.3.25


References

XF - easyphpcalendar-addnewevent-xss(45517)

BID - 31478

BUGTRAQ - 20080928 PHP Calendar Script Remote XSS (Permanent) Vulnerabilities


Last Updated: 27 May 2016 10:49:26