CVE-2005-2882 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php font parameter to (3) calDaily.php (4) calMonthly.php (5) calMonthlyP.php (6) calWeekly.php (7) calWeeklyP.php (8) calYearly.php (9) calYearlyP.php (10) day.php or (11) week.php or (12) CeTi (13) Contact (14) Description (15) ShowAddress parameter to event.php and other attack vectors.

Reference

http://marc.info/?l=bugtraq&m=112605610624004&w=2 http://rgod.altervista.org/phpccal.html http://secunia.com/advisories/16721/ http://www.securityfocus.com/bid/14767 https://exchange.xforce.ibmcloud.com/vulnerabilities/22176