// For flags

CVE-2007-6365

 

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the day and year vectors are covered by CVE-2007-6274.

Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules/ecal/display.php en el Event Calendar de bcoos 1.0.10 permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro month. NOTA: El origen de esta información es desconocido; los detalles se han obtenido solamente de información de terceros. NOTA: los vectores día y año son cubiertos en CVE-2007-6274.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-12-14 CVE Reserved
  • 2007-12-15 CVE Published
  • 2024-09-17 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
http://secunia.com/advisories/26945 2008-09-05
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Bcoos
Search vendor "Bcoos"
 Event Calendar
Search vendor "Bcoos" for product "Event Calendar"
 1.0.10
Search vendor "Bcoos" for product "Event Calendar" and version "1.0.10"
-
Affected