EasyCalendar SQL Injection and XSS

Published by TL Guan March 20th, 2008 in Applications, Cross Site Scripting and SQL Injection.

Application: EasyCalendar
Affected Version: 4.0tr and other versions.
Vendor’s URL: EasyCalendar
Bug Type: SQL Injection and Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Search

Entries RSS

Latest

eGroupWare File Upload
Joomla Jom Comment Component Unspecified SQL Injection
WordPress WP-Download Plugin SQL Injection
AuraCMS SQL Injection
Simple Gallery XSS
Drupal Webform Module Unspecified Script Insertion
PHP Photo Gallery SQL Injection
Wikepage Information Disclosure
Drupal Menu System Security Bypass
Gallery Script Lite Information Disclosure

Exabytes Security Portal

Categories

EasyCalendar SQL Injection and XSS

Search

Subscribe

Latest

Archives