Package: webcalendar
Severity: grave
Tags: security
Justification: user security hole

A vulnerability has been found in webcalendar:

Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.

See http://secunia.com/advisories/23341 for details.

Please mention the CVE id in the changelog.

I think it would be nice if it was fixed in etch, but I guess one could also argue that this is not RC.