Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php.
Advisories
Source ID Title
EUVD EUVD EUVD-2008-6977 Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T11:49:02.489Z

Reserved: 2009-08-21T00:00:00

Link: CVE-2008-7018

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2009-08-21T14:30:00.390

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-7018

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.