Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webcalendar | Webcalendar | 1.1.6 |
Related Weaknesses (CWE)
References
- http://osvdb.org/41274
- http://osvdb.org/41275
- http://osvdb.org/41276
- http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.ht (Exploit)
- http://www.securityfocus.com/bid/27461 (Exploit)
FAQ
What is CVE-2007-6696?
CVE-2007-6696 is a vulnerability with a CVSS score of 2.1 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, a...
How severe is CVE-2007-6696?
CVE-2007-6696 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6696?
Check the references section above for vendor advisories and patch information. Affected products include: Webcalendar Webcalendar.