CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2006-1508

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1240%
EPSS Percentile43.83th
Published2006年3月30日
Last Modified2026年4月16日

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html.

Affected Platforms (CPE)

📦
Mh Software

Connect Daily

<= 3.2.9
📦
Mh Software

Connect Daily

= 3.2.8

References & Advisories

🔗 http://pridels0.blogspot.com/2006/03/connect-daily-multiple-xss-vuln.html
🔗 http://secunia.com/advisories/19434
🔗 http://www.osvdb.org/24181
🔗 http://www.osvdb.org/24182
🔗 http://www.osvdb.org/24183
🔗 http://www.osvdb.org/24184
🔗 http://www.osvdb.org/24185
🔗 http://www.securityfocus.com/bid/17287

相關漏洞威脅

CVE-2007-271210.0

Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors.

CVE-2006-041110.0

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote atta...

CVE-2006-610210.0

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X ser...

CVE-2006-067210.0

Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0.06 has unknown impact and attack vectors.