Vulnerability Description
Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Softcomplex | Php Event Calendar | 1.5 |
References
- http://evuln.com/vulns/63/summary.htmlVendor Advisory
- http://secunia.com/advisories/18792Vendor Advisory
- http://securityreason.com/securityalert/442
- http://www.osvdb.org/23071
- http://www.osvdb.org/23072
- http://www.securityfocus.com/bid/16588
- http://www.vupen.com/english/advisories/2006/0507
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24523
- http://evuln.com/vulns/63/summary.htmlVendor Advisory
- http://secunia.com/advisories/18792Vendor Advisory
- http://securityreason.com/securityalert/442
- http://www.osvdb.org/23071
- http://www.osvdb.org/23072
- http://www.securityfocus.com/bid/16588
- http://www.vupen.com/english/advisories/2006/0507
FAQ
What is CVE-2006-0657?
CVE-2006-0657 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) ...
How severe is CVE-2006-0657?
CVE-2006-0657 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0657?
Check the references section above for vendor advisories and patch information. Affected products include: Softcomplex Php Event Calendar.