Summary
This host is running PHP Calendar and is prone to Cross Site Scripting vulnerabilites.
Impact
Successful exploitation will allow attacker to execute arbitrary script code.
Impact level: Application
Solution
Upgrade PHP-Calendar to 2.0 Beta7 or later,
http://code.google.com/p/php-calendar/downloads/list
Insight
The flaws are due to input validation errors when processing the 'description' and 'lastaction' parameters.
Affected
PHP-Calendar version 2.0 Beta6 and prior on all platforms.
References
Severity
Classification
-
CVE CVE-2010-2041 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities