CVE-2007-1111 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php (2) js.php (3) mysqlevents.php (4) m_2.php (5) m_3.php (6) m_4.php (7) xmlevents.php (8) y_2.php or (9) y_3.php in data/.
Reference
http://securityreason.com/securityalert/2299 http://www.osvdb.org/33145 http://www.osvdb.org/33146 http://www.osvdb.org/33147 http://www.osvdb.org/33148 http://www.osvdb.org/33149 http://www.osvdb.org/33150 http://www.osvdb.org/33151 http://www.osvdb.org/33152 http://www.osvdb.org/33153 http://www.securityfocus.com/archive/1/461146/100/0/threaded http://www.securityfocus.com/archive/1/461313/100/0/threaded http://www.securityfocus.com/bid/22705 http://www.vupen.com/english/advisories/2007/0759 https://exchange.xforce.ibmcloud.com/vulnerabilities/32690
Share on: