CVE-2010-0636 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0 and other versions before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via (1) the tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are obtained from third party information.

Reference

http://holisticinfosec.org/content/view/133/45/
http://secunia.com/advisories/38222
http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2
http://www.securityfocus.com/bid/38053
