PT-2007-7224 · Bcoos · Bcoos
Publicado
2007-12-15
·
Atualizado
2008-09-05
·
CVE-2007-6365
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
bcoos version 1.0.10
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the
month parameter in the Event Calendar module.Recommendations
For bcoos version 1.0.10, avoid using the
month parameter in the affected module until a fix is available. As a temporary workaround, consider restricting access to the modules/ecal/display.php file to minimize the risk of exploitation.Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bcoos