CVE Vulnerability

CVE-2007-1050

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://forums.avenir-geopolitique.net/viewtopic.php?t=2686 Exploit
http://www.securityfocus.com/bid/22635
http://secunia.com/advisories/24222 Vendor Advisory
http://securityreason.com/securityalert/2270
http://osvdb.org/33317
http://osvdb.org/33318
http://osvdb.org/33319
http://www.vupen.com/english/advisories/2007/0679 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32581
http://www.securityfocus.com/archive/1/460598/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:abledesign:mycalendar:*:*:*:*:*:*:*:*
Information

Published : 2007-02-21 11:28

Updated : 2018-10-16 04:36

NVD link : CVE-2007-1050

Mitre link : CVE-2007-1050

Products Affected
No products.
CWE
CWE-79