#2019 "format" Cross-Site Scripting Vulnerability

Security_Hole
closed
Security (98)
5
2007-08-29
2007-04-05
No

CVE-2006-6669

According to: http://secunia.com/advisories/23341

"7all has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "format" parameter in export_handler.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.

The vulnerability is confirmed in version 1.0.4. Other versions may also be affected."
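
The class of bug the advisory describes, next to a hardened form, as an added example that is not WebCalendar's code or part of the original report. The function names, the error-page reflection and the list of format names are assumptions made for illustration; the sample input is constructed and uses a harmless markup marker.

```php
<?php
// Added illustration only; not taken from export_handler.php.
// Assumed set of export formats the handler is willing to produce.
const EXPORT_FORMATS = ['ical', 'vcal', 'pilot-csv', 'pilot-text'];

// Vulnerable pattern: the raw request value is placed into HTML as-is,
// so any markup in it becomes part of the page the browser renders.
function render_error_vulnerable(string $format): string
{
    return "<p>Unsupported export format: $format</p>";
}

// Hardened, step 1: "format" is an enumeration, so match it against a
// fixed allowlist (strict comparison) and reject everything else.
function resolve_format(string $format): ?string
{
    return in_array($format, EXPORT_FORMATS, true) ? $format : null;
}

// Hardened, step 2: whatever is echoed back is HTML-encoded, so a
// rejected value is displayed as text and never parsed as markup.
function render_error_hardened(string $format): string
{
    $safe = htmlspecialchars($format, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Unsupported export format: $safe</p>";
}

// Constructed inputs: one valid value, one carrying inert markup.
foreach (['ical', '<b>marker</b>'] as $input) {
    $format = resolve_format($input);
    if ($format === null) {
        echo "hardened:   ", render_error_hardened($input), "\n";
        echo "vulnerable: ", render_error_vulnerable($input), "\n";
    } else {
        echo "accepted:   $format\n";
    }
}
```

Run from the command line, the two output lines for the second input show the difference: the hardened page carries the value as encoded text, the vulnerable one carries it as live markup.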

Discussion

  • Ray Jones

    Ray Jones - 2007-07-29

    Logged In: YES
    user_id=1090373
    Originator: NO

    A new version of WebCalendar was recently released. Please try
    upgrading your WebCalendar to this version & let us know if it
    resolves the issue. Thanks for using WebCalendar!

     
  • Ray Jones

    Ray Jones - 2007-07-29
    • summary: "format" Cross-Site Scripting Vulnerability --> \"format\" Cross-Site Scripting Vulnerability
    • status: open --> pending
     
  • SourceForge Robot

    • status: pending --> closed
     
  • SourceForge Robot

    Logged In: YES
    user_id=1312539
    Originator: NO

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 30 days (the time period specified by
    the administrator of this Tracker).

     
