CVE-2006-2798
phpCommunityCalendar 4.0.3 - Cross-Site Scripting via LoName and AddressLink Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-2798. PoCs published by X0r_1.
AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in phpCommunityCalendar 4.0.3, including XSS and SQL injection. It provides functional URLs with payloads to exploit these vulnerabilities.
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php.
Exploits (1)
The exploit demonstrates multiple vulnerabilities in phpCommunityCalendar 4.0.3, including XSS and SQL injection. It provides functional URLs with payloads to exploit these vulnerabilities.