CVE-2008-1211

BosDates 3.x-4.x - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x allows remote attackers to inject arbitrary web script or HTML via (1) the type parameter in calendar.php and (2) the category parameter in calendar_search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References (3)

[Vendor Advisory] http://secunia.com/advisories/29255

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28117

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41020

Scores

EPSS 0.0030

EPSS Percentile 52.7%

Classification

CWE

CWE-79

Status draft

Affected Products (4)

bosdev/bosdates

Timeline

Published Mar 08, 2008

Tracked Since Feb 18, 2026