Nessus Plugin #17613
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
Topic Calendar XSS
- Family:
- CGI abuses : XSS
- Category:
- attack
- Copyright:
- This script is Copyright (C) 2005 Noam Rathaus
- Summary:
- Checks for the presence of a Topic Calendar XSS
- Version:
- $Revision: 1.1 $
- Cve_id:
- -
- Bugtraq_id:
- 12893
- Xrefs:
- -
- Description:
Topic Calendar is a quite widespread MOD for phpBB all versions that adds
a calendar to the board, using topics as event.
Due to improper filtering done by the script 'calendar_scheduler.php' a
remote attacker can cause the Topic Calendar product to include arbitrary
HTML and/or JavaScript.
An attacker may use this bug to preform phishing attacks.
Solution : Disable this mod or upgrade to a newer version
Risk factor: Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.