RSS   Vulnerabilities for 'Php-nuke event calendar'   RSS

2004-12-31
 
CVE-2004-1529

 

 
Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments.

 
 
CVE-2004-1528

 

 
The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path in an error message.

 


Copyright 2024, cxsecurity.com

 

Back to Top