CVE-2007-1111

EPSS 5.9%

Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.

Affected products

n/a · n/a

public PoCs found — 8

exploitdbwww.exploit-db.com/exploits/29646unverified exploitdbwww.exploit-db.com/exploits/29647unverified exploitdbwww.exploit-db.com/exploits/29653unverified exploitdbwww.exploit-db.com/exploits/29648unverified exploitdbwww.exploit-db.com/exploits/29649unverified exploitdbwww.exploit-db.com/exploits/29650unverified exploitdbwww.exploit-db.com/exploits/29651unverified exploitdbwww.exploit-db.com/exploits/29652unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securityreason.com/securityalert/2299 https://exchange.xforce.ibmcloud.com/vulnerabilities/32690 http://www.osvdb.org/33145 http://www.osvdb.org/33146 http://www.osvdb.org/33147 http://www.osvdb.org/33148 http://www.osvdb.org/33149 http://www.osvdb.org/33150 http://www.osvdb.org/33151 http://www.osvdb.org/33152 http://www.osvdb.org/33153 http://www.securityfocus.com/archive/1/461146/100/0/threaded