Vulnerability Description
Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mihai Bazon | Pical | <= 0.91h |
| Xoops | Xoops | All versions |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN91591874/index.html
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000013.html
- http://secunia.com/advisories/33986Vendor Advisory
- http://www.securityfocus.com/bid/33896
- http://xoops.peak.ne.jp/md/news/PatchVendor Advisory
- http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=476&easiestml_lanPatchVendor Advisory
- http://jvn.jp/en/jp/JVN91591874/index.html
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000013.html
- http://secunia.com/advisories/33986Vendor Advisory
- http://www.securityfocus.com/bid/33896
- http://xoops.peak.ne.jp/md/news/PatchVendor Advisory
- http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=476&easiestml_lanPatchVendor Advisory
FAQ
What is CVE-2009-0805?
CVE-2009-0805 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the event_id parameter in index.php.
How severe is CVE-2009-0805?
CVE-2009-0805 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0805?
Check the references section above for vendor advisories and patch information. Affected products include: Mihai Bazon Pical, Xoops Xoops.