PHP.CSS.Parameter.XSS
Description
This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in ActiveCalendar.
The vulnerability is due to input validation errors in various scripts (e.g. "data/flatevents.php") when processing the "css" parameter. It can be exploited by attackers to cause malicious scripting code to be executed by the user's browser.
Affected Products
Active Calendar 1.2.0
Impact
System Compromise: remote script execution.
Recommended Actions
Apply the latest update from the vendor:
http://www.micronetwork.de/activecalendar/.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |