WebCalendar Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

This host is running WebCalendar and is prone to multiple cross site scripting vulnerabilities.

Impact

Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Upgrade to WebCalendar versions 1.2.4 or later, For updates refer to http://www.k5n.us/webcalendar.php

Insight

The flaws are caused by improper validation of user-supplied input in various scripts, which allows attackers to execute arbitrary HTML and script code on the web server.

Affected

WebCalendar versions 1.2.3 and prior.

References

http://packetstormsecurity.org/files/view/102785/SSCHADV2011-008.txt

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Archiva Home Page Cross-Site Scripting vulnerability
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability
Apache Struts2 'XWork' Information Disclosure Vulnerability

Take action and discover your vulnerabilities