holisticinfosec.org - HIO-2008-0609-1 PHP Event Calendar XSS

Home
Blog
toolsmith (ISSA)
Research
In The News
Publications & Events
News
Best Practices
Links
How To
Standards
Simplicity
Philosophy
Security News Feeds
Contact
Search

"If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked - Richard Clarke"

RSS

HIO-2008-0609-1 PHP Event Calendar XSS

PHP Event Calendar contains flaws that allows remote cross site scripting.
This flaw exists because the application does not validate the "action" variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

SA: 21895

Vendor Solution:

< Prev		Next >

[ Back ]