CVE-2007-6696
Publication date 1 February 2008
Last updated 24 July 2024
Ubuntu priority
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
Notes
fujitsu
None of the three vulnerabilities are present in Debian's 1.0.x. See the Debian bug for explanation.