CVE-2006-1336 Information

Description

Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 and possibly other versions before 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) year (2) month (3) next and (4) prev parameters.

Reference

http://secunia.com/advisories/19321 http://securityreason.com/securityalert/601 http://www.osvdb.org/23969 http://www.securityfocus.com/archive/1/428131/100/0/threaded http://www.securityfocus.com/bid/17146 http://www.vupen.com/english/advisories/2006/1012 https://exchange.xforce.ibmcloud.com/vulnerabilities/25350