Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP Event Calendar 跨站脚本攻击漏洞
Vulnerability Description
Softcomplex PHP Event Calendar 1.5中存在跨站脚本攻击(XSS)漏洞。远程认证用户可以借助(1) username和(2) password参数(在写入user.php之前没有经过审查)注入任意Web脚本或HTML以及错误数据。注意:该问题最开始报告为XSS,但主要问题可能是直接静态代码注入而导致的XSS。
CVSS Information
N/A
Vulnerability Type
N/A