Package: webcalendar Severity: important Tags: security Hi,
The following issue has been reported against webcalendar: Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication. (see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6696) Can you please verify whether this applies to the version unstable and if so, get it fixed? Please include the CVE id in any uploads fixing this problem. thanks, Thijs
pgpZBDNWdWau6.pgp
Description: PGP signature
