CVE-2008-7018

Name of the Vulnerable Software and Affected Versions NashTech Easy PHP Calendar version 6.3.25

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the descr parameter in the Details field of an Add New Event action. This occurs in an unspecified request generated by an add action in index.php.

Recommendations For NashTech Easy PHP Calendar version 6.3.25, consider validating and sanitizing user input for the descr parameter to prevent XSS attacks. As a temporary workaround, restrict access to the Add New Event action in index.php to minimize the risk of exploitation.