PT-2009-3404 · Pical · Pical
Masako Oono · Published 2009-03-04 · Updated 2009-03-05 · CVE-2009-0805
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
piCal versions 0.91h and earlier
Description
The issue allows remote attackers to inject arbitrary web script or HTML via the event id parameter in "index.php". This is a cross-site scripting (XSS) issue.
Recommendations
For versions 0.91h and earlier, avoid using the event id parameter in the "index.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the vulnerable module to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Pical