PHPEventCalendar Multiple Remote HTML Injection Vulnerabilities
BID:12363
Info
| Bugtraq ID: | 12363 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 25 2005 12:00AM |
| Updated: | Jan 25 2005 12:00AM |
| Credit: | Madelman <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: | phpEventCalendar Web Calendar System 0.2, phpEventCalendar Web Calendar System 0.1 |
| Not Vulnerable: | phpEventCalendar Web Calendar System 0.2.1 |
Discussion
Multiple remote HTML injection vulnerabilities affect phpEventCalendar. These issues are due to a failure of the application to sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Exploit / POC
No exploit is required to leverage these issues.
Solution / Fix
Solution:
The vendor has released an update dealing with this issue.
phpEventCalendar Web Calendar System 0.1
- phpEventCalendar phpEventCalendar 0.2.1: http://www.ikemcg.com/scripts/pec/downloads/pec-0.21.tar.gz

phpEventCalendar Web Calendar System 0.2
- phpEventCalendar phpEventCalendar 0.2.1: http://www.ikemcg.com/scripts/pec/downloads/pec-0.21.tar.gz
References
References:
- phpEventCalendar Home Page (phpEventCalendar)
- phpEventCalendar HTML injection (Madelman)