Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-5953

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-5953
Last Modified 05 May 2014 01:28:58
Published 19 Mar 2014 10:17:44
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-5953

Summary

Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an editevent action to index.php.

Vulnerable Systems

Application

  • Codepeople Com Multicalendar 4.0.2

  • Codepeople Com Multicalendar 4.8.5


References

XF - multi-calendar-index-xss(91820)

SECUNIA - 57360

MISC - http://packetstormsecurity.com/files/125738

FULLDISC - 20140315 [CVE-2013-5953]


Last Updated: 27 May 2016 11:04:44