#2019 "format" Cross-Site Scripting Vulnerability

Security (98)


According to: http://secunia.com/advisories/23341

"7all has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "format" parameter in export_handler.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.

The vulnerability is confirmed in version 1.0.4. Other versions may also be affected."
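
The flaw class the advisory describes, as an added PHP illustration that is not part of this report and not WebCalendar's code: a request parameter reflected unchanged, next to a handler that resolves it against an allow-list and HTML-encodes anything echoed back. The function names and the format values are assumptions made for the sketch.

```php
<?php
// Added illustration, not WebCalendar source. The names in ALLOWED_FORMATS
// are assumed values; substitute the formats the export handler supports.
const ALLOWED_FORMATS = ['ical', 'vcal', 'csv'];

// Pattern the advisory describes: the request value is returned to the
// browser unchanged, so any markup it carries is rendered by the page.
function unsupported_format_message_unsafe(string $format): string
{
    return "Unsupported export format: " . $format;
}

// Hardened step 1: resolve the parameter against an allow-list.
function resolve_export_format($raw): ?string
{
    if (!is_string($raw)) {            // e.g. format[]=x arrives as an array
        return null;
    }
    $format = strtolower(trim($raw));
    return in_array($format, ALLOWED_FORMATS, true) ? $format : null;
}

// Hardened step 2: encode anything reflected for the HTML context.
function unsupported_format_message(string $format): string
{
    return "Unsupported export format: "
        . htmlspecialchars($format, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (benign markup stands in for hostile input).
$samples = ['ical', 'ICAL ', '<b>x</b>', ['ical']];
foreach ($samples as $raw) {
    $format = resolve_export_format($raw);
    if ($format !== null) {
        echo "export as $format\n";
        continue;
    }
    $shown = is_string($raw) ? $raw : '(non-string)';
    echo "unsafe: ", unsupported_format_message_unsafe($shown), "\n";
    echo "safe:   ", unsupported_format_message($shown), "\n";
}
```

With the allow-list in place, the value reaches the export logic only as one of the known constants, and the rejected value reaches the page only in encoded form.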


  • Ray Jones

    Ray Jones - 2007-07-29

    Logged In: YES
    Originator: NO

    A new version of WebCalendar was recently released. Please try
    upgrading your WebCalendar to this version & let us know if it
    resolves the issue. Thanks for using WebCalendar!

  • Ray Jones

    Ray Jones - 2007-07-29
    • summary: "format" Cross-Site Scripting Vulnerability --> \"format\" Cross-Site Scripting Vulnerability
    • status: open --> pending
  • SourceForge Robot

    • status: pending --> closed
  • SourceForge Robot

    Logged In: YES
    Originator: NO

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 30 days (the time period specified by
    the administrator of this Tracker).

