CVE-2006-1508
CVE-2006-1508
Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html.
Affected products
n/a · n/apublic PoCs found — 5
exploitdbwww.exploit-db.com/exploits/27505unverifiedexploitdbwww.exploit-db.com/exploits/27502unverifiedexploitdbwww.exploit-db.com/exploits/27503unverifiedexploitdbwww.exploit-db.com/exploits/27506unverifiedexploitdbwww.exploit-db.com/exploits/27504unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://pridels0.blogspot.com/2006/03/connect-daily-multiple-xss-vuln.htmlhttp://secunia.com/advisories/19434https://exchange.xforce.ibmcloud.com/vulnerabilities/25474http://www.osvdb.org/24181http://www.osvdb.org/24182http://www.osvdb.org/24183http://www.osvdb.org/24184http://www.osvdb.org/24185http://www.securityfocus.com/bid/17287http://www.vupen.com/english/advisories/2006/1125