Bug#404234: CVE-2006-6669: WebCalendar XSS

2006-12-28 Thread Steve Langasek
severity 404234 important thanks On Fri, Dec 22, 2006 at 06:51:46PM +0100, Stefan Fritsch wrote: > Package: webcalendar > Severity: grave > Tags: security > Justification: user security hole > A vulnerability has been found in webcalendar: > Cross-site scripting (XSS) vulnerability in export_han

Processed: Re: Bug#404234: CVE-2006-6669: WebCalendar XSS

2006-12-28 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: > severity 404234 important Bug#404234: CVE-2006-6669: WebCalendar XSS Severity set to `important' from `grave' > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrato

Bug#404234: CVE-2006-6669: WebCalendar XSS

2006-12-23 Thread Stefan Fritsch
On Saturday 23 December 2006 10:00, Thijs Kinkhorst wrote: > I haven't found a concrete way to exploit it yet, since some HTML > inputs are stripped from all input parameters. A concrete example > would help to confirm the status of this bug. Do you have one? This page gives an example. http://ww

Bug#404234: CVE-2006-6669: WebCalendar XSS

2006-12-23 Thread Thijs Kinkhorst
tags 404234 patch moreinfo thanks Hi, > A vulnerability has been found in webcalendar: > > Cross-site scripting (XSS) vulnerability in export_handler.php in > WebCalendar 1.0.4 and earlier allows remote attackers to inject > arbitrary web script or HTML via the format parameter. I can see what

Bug#404234: CVE-2006-6669: WebCalendar XSS

2006-12-22 Thread Stefan Fritsch
Package: webcalendar Severity: grave Tags: security Justification: user security hole A vulnerability has been found in webcalendar: Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via t