Ravens PHP Scripts

WebCalendar *format* Cross-Site Scripting Vulnerability
Date: Tuesday, December 19, 2006 @ 09:50:38 CST
Topic: Security


SECUNIA ADVISORY ID: SA23341

VERIFY ADVISORY: http://secunia.com/advisories/23341/

CRITICAL: Less critical

IMPACT: Cross Site Scripting

SOFTWARE:
WebCalendar 1.x - http://secunia.com/product/5606/
WebCalendar 0.9.x - http://secunia.com/product/1901/

DESCRIPTION: 7all has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "format" parameter in export_handler.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. The vulnerability is confirmed in version 1.0.4. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised.
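The fix the advisory calls for, shown as an added illustration that is not WebCalendar's own code: a reflected "format" parameter echoed raw into the page beside a hardened version that validates against an allowlist and HTML-encodes anything it reflects. The format names in SUPPORTED_FORMATS are assumed for illustration, not taken from the project.

```php
<?php
// Added illustration (not WebCalendar's own export_handler.php): how an
// unvalidated "format" parameter becomes reflected XSS, and how to fix it.

// Vulnerable pattern: the raw query value is interpolated into HTML, so a
// value containing markup is rendered by the browser instead of displayed.
function render_error_vulnerable(array $get): string
{
    $format = $get['format'] ?? '';
    return "<p>Unknown export format: $format</p>";
}

// Format names are assumed for illustration only.
const SUPPORTED_FORMATS = ['ical', 'vcal'];

// Hardened pattern: (1) accept only values from a fixed allowlist of the
// formats the handler actually implements, (2) never reuse the raw value,
// (3) HTML-encode the one place it is reflected back (the error message).
function select_format(array $get): string
{
    $format = $get['format'] ?? '';
    if (!in_array($format, SUPPORTED_FORMATS, true)) {
        $safe = htmlspecialchars($format, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        throw new InvalidArgumentException("Unknown export format: $safe");
    }
    return $format; // now guaranteed to be one of the known literals
}

// Self-check with a constructed hostile value (not a real request).
$hostile = ['format' => '<script>x</script>'];

// The vulnerable renderer passes the tag straight through.
assert(str_contains(render_error_vulnerable($hostile), '<script>'));

// The hardened selector rejects it and only ever reflects an encoded copy.
try {
    select_format($hostile);
    assert(false, 'hostile value should have been rejected');
} catch (InvalidArgumentException $e) {
    assert(!str_contains($e->getMessage(), '<script>'));
    assert(str_contains($e->getMessage(), '&lt;script&gt;'));
}

// A legitimate value is returned unchanged.
assert(select_format(['format' => 'ical']) === 'ical');
echo "checks passed\n";
```

Run with `php -d zend.assertions=1 -d assert.exception=1` so the assert() calls are evaluated rather than compiled out.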

PROVIDED AND/OR DISCOVERED BY: 7all

This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2572