CVE-2004-1651

Name of the Vulnerable Software and Affected Versions phpScheduleIt version 1.0.0 RC1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the registration page. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific fields, including the Name field, Lastname field during new user registration, or the Schedule Name field.

Recommendations For phpScheduleIt version 1.0.0 RC1, as a temporary workaround, consider validating and sanitizing user input for the Name, Lastname, and Schedule Name fields to prevent XSS attacks. Restrict access to these fields until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.