FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpicalendar -- cross site scripting vulnerability

Affected packages
phpicalendar < 2.1

Details

VuXML ID 12f9d9e9-9e1e-11da-b410-000e0c2e438a
Discovery 2005-10-25
Entry 2006-02-15

Francesco Ongaro reports that phpicalendar is vulnerable to a cross-site scripting attack. The vulnerability is caused by improper validation in the index.php file, allowing attackers to include an arbitrary file with the .php extension.

References

Bugtraq ID 15193
CVE Name CVE-2005-3366
URL http://www.ush.it/2005/10/25/php-icalendar-css/