PT-2005-2823 · Calendarix · Calendarix Advanced

Published: 2005-05-31 · Updated: 2008-09-05 · CVE-2005-1866

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Calendarix Advanced version 1.5

Description

A cross-site scripting (XSS) issue exists in the "calendar.php" file. Remote attackers can inject arbitrary web script or HTML via the year parameter.

Recommendations

For Calendarix Advanced version 1.5, update the calendar.php file to properly sanitize the year parameter so that it cannot carry arbitrary web script or HTML. As a temporary workaround, consider restricting access to the calendar.php file until a patch is available.
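
One way to apply the recommendation above, shown as an added example that is not Calendarix code and not part of this advisory: validate the year parameter against a strict allow-list pattern, then encode it again on output. The helper names `safe_year` and `render_year_heading`, the 1970 to 2100 range, and the sample inputs are assumptions; PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from Calendarix): returns a validated year,
// or $fallback when the input is anything other than four ASCII digits in range.
function safe_year(mixed $raw, int $fallback, int $min = 1970, int $max = 2100): int
{
    // A request such as ?year[]=x arrives as an array; accept plain strings only.
    // \A and \z anchor the whole string, so a trailing newline is rejected too.
    if (!is_string($raw) || preg_match('/\A\d{4}\z/', $raw) !== 1) {
        return $fallback;
    }
    $year = (int) $raw;
    return ($year >= $min && $year <= $max) ? $year : $fallback;
}

// Hypothetical output helper: encodes on output as well, so the page stays
// safe even if the validation above is loosened later.
function render_year_heading(int $year): string
{
    $encoded = htmlspecialchars((string) $year, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>' . $encoded . '</h2>';
}

// Constructed sample inputs: one valid year, then values that must fall back.
$samples = [
    '2005',          // valid
    '<b>2005</b>',   // markup in the parameter
    ['2005'],        // array instead of string
    '99999',         // wrong length
    "2005\n",        // trailing newline
    '1200',          // four digits but outside the accepted range
];

$fallback = (int) date('Y');
foreach ($samples as $raw) {
    echo render_year_heading(safe_year($raw, $fallback)), PHP_EOL;
}
```

In a request handler the call would be `safe_year($_GET['year'] ?? null, (int) date('Y'))`, with every later use of the year taken from the returned integer rather than from `$_GET`.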


Related Identifiers

CVE-2005-1866

Affected Products

Calendarix Advanced