severity 404234 important
thanks
On Fri, Dec 22, 2006 at 06:51:46PM +0100, Stefan Fritsch wrote:
Package: webcalendar
Severity: grave
Tags: security
Justification: user security hole
A vulnerability has been found in webcalender:
Cross-site scripting (XSS) vulnerability in
tags 404234 patch moreinfo
thanks
Hi,
A vulnerability has been found in webcalender:
Cross-site scripting (XSS) vulnerability in export_handler.php in
WebCalendar 1.0.4 and earlier allows remote attackers to inject
arbitrary web script or HTML via the format parameter.
I can see what this
On Saturday 23 December 2006 10:00, Thijs Kinkhorst wrote:
I haven't found a concrete way to exploit it yet, since some HTML
inputs are stripped from all input parameters. A concrete example
would help to confirm the status of this bug. Do you have one?
This page gives an example.
Package: webcalendar
Severity: grave
Tags: security
Justification: user security hole
A vulnerability has been found in webcalender:
Cross-site scripting (XSS) vulnerability in export_handler.php in
WebCalendar 1.0.4 and earlier allows remote attackers to inject
arbitrary web script or HTML via
4 matches
Mail list logo