Info

Last Modified

2 months ago

Percent Complete

60%

Disclosure

Mar 06, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Keywords

Description

BosDates contains a flaw that allows a remote cross site scripting attack. Input passed to the "type" parameter in calendar.php and to the "category" parameter in calendar_search.php is not properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Available
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Products

Unknown or Incomplete

References

CVE ID: 2008-1211 (see also: NVD)
Bugtraq ID: 28117
Secunia Advisory ID: 29255
ISS X-Force ID: 41020
Related OSVDB ID: 42604
Vendor URL: http://www.bosdev.com/bosdates/

Credit

Russ McRee - holisticinfosec.org

Blogs

Provided by Technorati

2008/03/07 00:00:00 | CVE-2008-1211

from: National Vulnerability Database

CVE-2008-1211 Publish Date: 3/7/2008 Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x allows remote attackers to inject arbitrary web script or HTML via (1) the type parameter

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Products

References

Credit

Blogs

Comments