WebCalendar多个远程漏洞

WebCalendar存在多个跨站脚本攻击（XSS）漏洞。远程攻击者可以通过（1）view_entry.php，（2）view_d.php，（3）usersel.php，（4）datesel.php，（5）trailer.php，或者（6）styles.php注入任意web脚本，正如使用img srg标签。

It is reported that some, or all of these issues have been corrected in the CVS versions of the package. This has not been confirmed.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: XF
名称: webcalendar-img-src-xss(18026)
链接:http://xforce.iss.net/xforce/xfdb/18026

来源: BID
名称: 11651
链接:http://www.securityfocus.com/bid/11651

来源: SECUNIA
名称: 13164
链接:http://secunia.com/advisories/13164

来源: BUGTRAQ
名称: 20041109 Multiple Vulnerabilities in WebCalendar
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110011618724455&w=2