Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-02-01T19:41:00
Updated: 2024-08-07T16:18:20.550Z
Reserved: 2008-02-01T00:00:00
Link: CVE-2007-6696
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-02-01T20:00:00.000
Modified: 2024-11-21T00:40:47.250
Link: CVE-2007-6696
Redhat
No data.