CVE-2007-3182
Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835.
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/30232 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://osvdb.org/35695
http://osvdb.org/35696
http://secunia.com/advisories/25795
http://securityreason.com/securityalert/2838
https://exchange.xforce.ibmcloud.com/vulnerabilities/35045
http://www.netvigilance.com/advisory0037
http://www.osvdb.org/35372
http://www.securityfocus.com/archive/1/472208/100/0/threaded
http://www.securityfocus.com/bid/24626
http://www.vupen.com/english/advisories/2007/2324