CVE-2006-2798 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2006-2798

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php.

Affected Software

Name	Vendor	Start Version	End Version
Phpcommunitycalendar	Phpcommunitycalendar	4.0.3 (including)	4.0.3 (including)

References

http://www.osvdb.org/31691
http://www.osvdb.org/31692
http://www.osvdb.org/31693
https://exchange.xforce.ibmcloud.com/vulnerabilities/26647
https://exchange.xforce.ibmcloud.com/vulnerabilities/26648
https://www.exploit-db.com/exploits/1818