SalvusAlert: WebCalendar.php XSS vulnerability

Summary: WebCalendar v1.24 vulnerable to Stored XSS.


Information At A Glance
Source	Version/Dependency	Developer	Severity
g13net.com	1.2.4	cknudsen	MEDIUM
Summary The script WebCalendar.php is vulnerable to Stored Cross Site Scripting attack. (XSS). The researcher has reported that the script can be added right in the page, there is no filtering of input. Fix The current version listed is the same. There is not a fix listed at present. Please contact developer or repair code. Source The source code is from : http://sourceforge.net/projects/webcalendar/?source=directory Reported by: g13net.com

Advertisement: Special Offer – Get Your First 3 Months at Audible.com for $7.49/month!

Disclaimer: Salvus Alerting provides timely industry related information to its subscriber community and visitors for informational purposes only and makes every effort to distribute accurate and reliable information. Any information provided, is considered “as-is” and the subscriber and/or visitor assumes all responsibility for its uses. Salvus Alerting disclaims all warranties with regard to the information being provided, including all implied warranties of merchantability and fitness. In no event shall Salvus Alerting be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other legal action, arising out of or in connection with the use or performance of this information being provided. Salvus Systems and Salvus Alerting is a wholly owned and operated by FactNgN, LLC.