Summary
This host is running PHP Calendar and is prone to Cross Site Scripting vulnerabilites.
Impact
Successful exploitation will allow attacker to execute arbitrary script code.
Impact level: Application
Solution
Upgrade PHP-Calendar to 2.0 Beta7 or later,
http://code.google.com/p/php-calendar/downloads/list
Insight
The flaws are due to input validation errors when processing the 'description' and 'lastaction' parameters.
Affected
PHP-Calendar version 2.0 Beta6 and prior on all platforms.
References
Severity
Classification
-
CVE CVE-2010-2041 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- aeNovo Database Content Disclosure Vulnerability
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- AdaptCMS 'init.php' Remote File Include Vulnerability