CVE-2007-1234 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php (2) the search parameter to search.php (3) the linkid parameter to redirect.php or (4) the page parameter to calendar_events.php.

Reference

http://osvdb.org/33158 http://osvdb.org/33159 http://osvdb.org/33160 http://osvdb.org/33161 http://securityreason.com/securityalert/2373 http://www.securityfocus.com/archive/1/461305/100/0/threaded http://www.securityfocus.com/archive/1/465849/100/200/threaded