WebCalendar Multiple CSS and CSRF Vulnerabilities
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The host is running WebCalendar and is prone to multiple cross-site scripting (CSS) and cross-site request forgery (CSRF) vulnerabilities.
Insight
- Input passed to the 'tab' parameter in 'users.php' is not properly sanitised before being returned to the user.
- Input appended to the URL after 'day.php', 'month.php', and 'week.php' is not properly sanitised before being returned to the user.
- The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to delete an event, ban an IP address from posting, or change the administrative password if a logged-in administrative user visits a malicious web site.
Affected Software
WebCalendar version 1.2.0 and prior.
Solution
Upgrade to WebCalendar version 1.2.1 or later.