CVE-2006-1835

Опубликовано: 19 апр. 2006

Источник: nvd

CVSS2: 2.6

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.

Ссылки

http://secunia.com/advisories/19710
http://securityreason.com/securityalert/727
http://securitytracker.com/id?1015954
http://www.securityfocus.com/archive/1/431122/100/0/threaded
http://www.securityfocus.com/bid/17562
Exploit
http://www.vupen.com/english/advisories/2006/1376
https://exchange.xforce.ibmcloud.com/vulnerabilities/25874
http://secunia.com/advisories/19710
http://securityreason.com/securityalert/727
http://securitytracker.com/id?1015954
http://www.securityfocus.com/archive/1/431122/100/0/threaded
http://www.securityfocus.com/bid/17562
Exploit
http://www.vupen.com/english/advisories/2006/1376
https://exchange.xforce.ibmcloud.com/vulnerabilities/25874

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vincent_hor:calendarix:0.6.2005-08-30:*:*:*:*:*:*:*

cpe:2.3:a:vincent_hor:calendarix_advanced:1.5.2005-05-01:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.007

Низкий

2.6 Low

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-qg65-jq74-xv77

github

почти 4 года назад