FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

WebCalendar -- Persistent XSS

Affected packages
WebCalendar <= 1.2.4
WebCalendar-devel <= 1.2.4

Details

VuXML ID 2b20fd5f-552e-11e1-9fb7-003067b2972c
Discovery 2012-01-11
Entry 2012-02-12
Modified 2012-02-13

tom reports,

There is no sanitation on the input of the location variable allowing for persistent XSS.

References

CVE Name CVE-2012-0846
URL http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870