CVE-2007-6696 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description (2) the query string to pref.php and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.

Reference

http://osvdb.org/41274 http://osvdb.org/41275 http://osvdb.org/41276 http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html http://www.securityfocus.com/bid/27461