PT-2004-2437 · Php Nuke · Event Calendar Module

Published

2004-12-31

Updated

2017-07-11

CVE-2004-1529

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Event Calendar module version 2.13 for PHP-Nuke

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to execute arbitrary web script via specific parameters in a Preview operation or event comments. The vulnerable parameters include type, day, month, and year.

Recommendations For Event Calendar module version 2.13, consider disabling the Preview operation and restricting access to event comments until a fix is available. Avoid using the parameters type, day, month, and year in the affected module to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1529

Affected Products

Event Calendar Module

PT-2004-2437 · Php Nuke · Event Calendar Module

CVE-2004-1529

Related Identifiers

Affected Products

References · 7