XSS Vulnerability
Brought to you by:
ecklesweb
Cross-site scripting vulnerability via several parameters. Vulnerability does not affect any authentication (such as web-based admin) in CGI Calendar proper, but may affect web-server-provided authentication (such as HTTP Basic) depending on how that authentication is implemented by the web server. Jay has a simple proof-of-concept of the vulnerability for anyone wanting to fix it. I do not have a POC for any kind of authentication vulnerability. All CERT-like orgs that have listed this bug have listed it as low risk.