← back
CVE-2010-0376

CVE-2010-0376

EPSS 1.5%
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.org/1001-exploits/phpcalendars-xss.txtunverifiedcve_referencewww.exploit-db.com/exploits/11082unverifiedexploitdbwww.exploit-db.com/exploits/11082unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.org/1001-exploits/phpcalendars-xss.txthttp://secunia.com/advisories/38036https://exchange.xforce.ibmcloud.com/vulnerabilities/55517http://www.exploit-db.com/exploits/11082http://www.securityfocus.com/bid/40391