CVE-2006-0657

Name of the Vulnerable Software and Affected Versions Softcomplex PHP Event Calendar version 1.5

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML and corrupt data. The username and password parameters are not sanitized before being written to users.php, potentially leading to direct static code injection with resultant XSS.

Recommendations For Softcomplex PHP Event Calendar version 1.5, consider sanitizing the username and password parameters to prevent code injection and XSS attacks. As a temporary workaround, restrict access to the users.php file to minimize the risk of exploitation.