Joomla Component Multi Calendar Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

This host is installed with Joomla component Multi Calendar and is prone to multiple cross site scripting vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site and launch other attacks. Impact Level: Application

Solution

No solution or patch is available as of 9th February, 2015. Information regarding this issue will updated once the solution details are available. For updates refer http://www.joomlacalendars.com

Insight

Multiple flaws are due to insufficient validation of 'calid' and 'paletteDefault' HTTP GET parameters passed to 'index.php' script.

Affected

Joomla Component Multi Calendar version 4.0.2 and probably other versions

Detection

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

References

http://packetstormsecurity.com/files/125738/Joomla-Multi-Calendar-4.0.2-Cross-Site-Scripting.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-5953

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Take action and discover your vulnerabilities