Topic.Calendar.calendar_scheduler.XSS
Description
This indicates a possible exploit of a cross-site scripting vulnerability in the Topic Calendar module of the phpBB bulletin board system.
Topic Calendar is a web bulletin board calendar developed for the phpBB bulletin board system and works on Windows and Linux platforms. A vulnerability has been reported in it that may allow an attacker to run a malicious script in a victim's browser in the security context of the target server running Topic Calendar. Due to insufficient sanitization of the "start" parameter sent to the calendar_scheduler.php script, an attacker may provide a specially crafted URL containing a malicious script and persuade a victim to click it. Once the victim clicks the link, the script is executed in the victim's browser in the security context of the target website. By exploiting this vulnerability, an attacker may steal cookie-based authentication credentials and carry out other attacks.
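The following log check is an added example, not part of the original advisory or of the vendor's signature: it flags requests to calendar_scheduler.php whose "start" parameter contains HTML markup characters after percent-decoding, including nested encoding. The access-log format, the /phpBB2/ path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that let a reflected value break out of HTML text or an attribute.
MARKUP = re.compile(r"[<>\"'`]")
# Request field of a common/combined access-log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_start(log_line):
    """Return the decoded 'start' value if it carries markup, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/calendar_scheduler.php"):
        return None
    # parse_qs removes one layer of encoding; fully_decode removes the rest.
    for raw in parse_qs(url.query, keep_blank_values=True).get("start", []):
        value = fully_decode(raw)
        if MARKUP.search(value):
            return value
    return None

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /phpBB2/calendar_scheduler.php?start=20 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /phpBB2/calendar_scheduler.php?start=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /phpBB2/calendar_scheduler.php?start=%2522%253E%253Cb%253E HTTP/1.1" 200 5288',
    '198.51.100.4 - - [01/Jan/2024:10:00:12 +0000] "GET /phpBB2/viewtopic.php?start=%3Cb%3E HTTP/1.1" 200 900',
]

def scan(lines):
    """Return (line index, decoded start value) for every flagged line."""
    return [(i, v) for i, line in enumerate(lines) if (v := suspicious_start(line))]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: start={value!r}")
```

A hit means a crafted link reached the server; it does not show whether the installed version reflected the value unescaped.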
Affected Products
Topic Calendar version 1.0.1.
Impact
Gain access to authentication credentials and other cookie-based information associated with the target website.
Recommended Actions
Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version.
Coverage
IPS (Regular DB)
IPS (Extended DB)