ACal.Calendar.Cookie.Based.Authentication.Bypass
Description
This indicates an attempt to exploit a cross-site scripting (XSS) vulnerability in the ACal Calendar Project.
The vulnerability is due to an error in the "login.php" script. The script relies on the "ACalAuthenticate" cookie parameter to determine if a user has been successfully authenticated. This can be exploited by remote attackers to bypass the authentication process and gain unauthorized access to the application, by setting the "ACalAuthenticate" parameter to "inside".
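The flaw described above, modelled in Python as an added example (this is not ACal's PHP code and not the 2.2.6 fix): the weak check accepts a constant cookie value that any client can send, while the hardened check accepts only a token the server signed after verifying the password. The `session` cookie name, the key, and the lifetime are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # constructed sample; keep a real key server-side only
SESSION_TTL = 1800                    # assumed session lifetime in seconds


def weak_is_authenticated(cookies):
    """Pattern the page describes: trust a constant, client-supplied cookie value."""
    return cookies.get("ACalAuthenticate") == "inside"


def _sign(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(username, now=None):
    """Build the cookie value; call this only after the password has been verified."""
    if "|" in username:
        raise ValueError("username must not contain the field separator")
    issued = int(time.time() if now is None else now)
    payload = f"{username}|{issued + SESSION_TTL}"
    return f"{payload}|{_sign(payload)}"


def hardened_is_authenticated(cookies, now=None):
    """Accept only an unexpired token carrying a valid server-side HMAC tag."""
    parts = cookies.get("session", "").split("|")  # "session" is a hypothetical name
    if len(parts) != 3:
        return False
    username, expires, tag = parts
    expected = _sign(f"{username}|{expires}")
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    current = int(time.time() if now is None else now)
    return expires.isdigit() and int(expires) > current
```
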
Affected Products
ACal Project 2.2.5
Impact
Security Bypass.
Recommended Actions
Upgrade to the latest version of ACal Project (2.2.6 or later).
Coverage
IPS (Regular DB)
IPS (Extended DB)