PT-2009-3404 · Pical · Pical
Masako Oono · Published 2009-03-04 · Updated 2009-03-05 · CVE-2009-0805
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
piCal versions 0.91h and earlier
Description
The issue allows remote attackers to inject arbitrary web script or HTML via the event id parameter in "index.php". This is a cross-site scripting (XSS) issue.
Recommendations
For versions 0.91h and earlier, avoid using the event id parameter in the "index.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the vulnerable module to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Pical