FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpicalendar -- cross site scripting vulnerability

Affected packages
phpicalendar < 2.1


VuXML ID 12f9d9e9-9e1e-11da-b410-000e0c2e438a
Discovery 2005-10-25
Entry 2006-02-15

Francesco Ongaro reports that phpicalendar is vulnerable for a cross site scripting attack. The vulnerability is caused by improper validation of the index.php file allowing attackers to include an arbitrary file with the .php extension


Bugtraq ID 15193
CVE Name CVE-2005-3366