CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-2798

Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.085

EPSS Ranking 92.0%

CVSS Severity

CVSS v2 Score 6.8

References

http://www.osvdb.org/31691
http://www.osvdb.org/31692
http://www.osvdb.org/31693
https://exchange.xforce.ibmcloud.com/vulnerabilities/26647
https://exchange.xforce.ibmcloud.com/vulnerabilities/26648
https://www.exploit-db.com/exploits/1818
http://www.osvdb.org/31691
http://www.osvdb.org/31692
http://www.osvdb.org/31693
https://exchange.xforce.ibmcloud.com/vulnerabilities/26647
https://exchange.xforce.ibmcloud.com/vulnerabilities/26648
https://www.exploit-db.com/exploits/1818

Products affected by CVE-2006-2798

Phpcommunitycalendar » Phpcommunitycalendar » Version: 4.0.3

cpe:2.3:a:phpcommunitycalendar:phpcommunitycalendar:4.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-2798

Products

Pricing

Contact Us