Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7018


Vulnerability Score 4.3 4.3
CVE Id CVE-2008-7018
Last Modified 21 Aug 2009 12:00:00
Published 21 Aug 2009 10:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php.

Vulnerable Systems


  • Nashtech Easy Php Calendar 6.3.25


XF - easyphpcalendar-addnewevent-xss(45517)

BID - 31478

BUGTRAQ - 20080928 PHP Calendar Script Remote XSS (Permanent) Vulnerabilities

Last Updated: 27 May 2016 10:49:26