Intrusion Prevention

PHP.CSS.Parameter.XSS

Description

This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in ActiveCalendar.
The vulnerability is due to input validation errors in various scripts (e.g. "data/flatevents.php") when processing the "css" parameter. It can be exploited by attackers to cause malicious scripting code to be executed by the user's browser.

Affected Products

Active Calendar 1.2.0

Impact

System Compromise: remote script execution.

Recommended Actions

Apply the latest update from the vendor:
http://www.micronetwork.de/activecalendar/.

CVE References

CVE-2007-1111