CVE-2006-0657
published 2006-02-13CVE-2006-0657: Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and…
PriorityP413low3.5CVSS 2.0
AVNACMAuSCNIPAN
EPSS
1.11%
61.8th percentile
Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softcomplex | php_event_calendar | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://evuln.com/vulns/63/summary.htmlhttp://secunia.com/advisories/18792http://securityreason.com/securityalert/442http://www.osvdb.org/23071http://www.osvdb.org/23072http://www.securityfocus.com/bid/16588http://www.vupen.com/english/advisories/2006/0507https://exchange.xforce.ibmcloud.com/vulnerabilities/24523http://evuln.com/vulns/63/summary.htmlhttp://secunia.com/advisories/18792http://securityreason.com/securityalert/442http://www.osvdb.org/23071http://www.osvdb.org/23072http://www.securityfocus.com/bid/16588http://www.vupen.com/english/advisories/2006/0507https://exchange.xforce.ibmcloud.com/vulnerabilities/24523
2006-02-13
Published