CVE-2005-2882 | Vulnerability Database | Aqua Security

Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php, font parameter to (3) calDaily.php, (4) calMonthly.php, (5) calMonthlyP.php, (6) calWeekly.php, (7) calWeeklyP.php, (8) calYearly.php, (9) calYearlyP.php, (10) day.php, or (11) week.php, or (12) CeTi, (13) Contact, (14) Description, (15) ShowAddress parameter to event.php, and other attack vectors.

Affected Software

Name	Vendor	Start Version	End Version
Phpcommunitycalendar	Phpcommunitycalendar	4.0 (including)	4.0 (including)
Phpcommunitycalendar	Phpcommunitycalendar	4.0.1 (including)	4.0.1 (including)
Phpcommunitycalendar	Phpcommunitycalendar	4.0.3 (including)	4.0.3 (including)

References

http://marc.info/?l=bugtraq\u0026m=112605610624004\u0026w=2
http://rgod.altervista.org/phpccal.html
http://secunia.com/advisories/16721/
http://www.securityfocus.com/bid/14767
https://exchange.xforce.ibmcloud.com/vulnerabilities/22176
http://marc.info/?l=bugtraq\u0026m=112605610624004\u0026w=2
http://rgod.altervista.org/phpccal.html
http://secunia.com/advisories/16721/
http://www.securityfocus.com/bid/14767
https://exchange.xforce.ibmcloud.com/vulnerabilities/22176

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2882
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html