CVE-2006-1835
Published 2006-04-19
CVE-2006-1835: Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.
Priority P4 · 15 · low · 2.6 (CVSS 2.0)
AV:N/AC:H/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.01% (78.5th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vincent_hor | calendarix | — | — |
| vincent_hor | calendarix | — | — |
| vincent_hor | calendarix_advanced | — | — |
GHSA
GHSA-qg65-jq74-xv77 · CVE-2006-1835 [LOW] · ghsa_unreviewed · 2022-05-01
Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.
GHSA
GHSA-xpc8-q78m-cqrv · CVE-2007-3182 [LOW] · ghsa_unreviewed · 2022-05-01 · CVSS 2.6
Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835.
References
http://secunia.com/advisories/19710
http://securityreason.com/securityalert/727
http://securitytracker.com/id?1015954
http://www.securityfocus.com/archive/1/431122/100/0/threaded
http://www.securityfocus.com/bid/17562
http://www.vupen.com/english/advisories/2006/1376
https://exchange.xforce.ibmcloud.com/vulnerabilities/25874
Published: 2006-04-19