CVE-2014-7291 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter.

Reference

http://seclists.org/fulldisclosure/2014/Nov/90 http://tetraph.com/security/cves/cve-2014-7291-springshare-libcal-xss-cross-site-scripting-vulnerability/ https://exchange.xforce.ibmcloud.com/vulnerabilities/99000