CVE-2006-6824

CVSS V2 Medium 4.3 CVSS V3 None
Description
Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: it was later reported that vectors b, c, and d also affect 2.24.
Overview
  • CVE ID
  • CVE-2006-6824
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2006-12-29T11:28:00
  • Last Modified Date
  • 2018-10-17T21:49:44
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:php_icalendar:php_icalendar:*:*:*:*:*:*:*:* 1 OR 2.23_rc1
cpe:2.3:a:php_icalendar:php_icalendar:1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php_icalendar:php_icalendar:2.2_beta:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php_icalendar:php_icalendar:2.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php_icalendar:php_icalendar:2.24:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://lostmon.blogspot.com/2006/12/php-icalendar-multiple-variable-cross.html Exploit
http://www.securityfocus.com/bid/21792 Exploit
http://securitytracker.com/id?1017449 Exploit
http://secunia.com/advisories/23499 Vendor Advisory
http://www.osvdb.org/32493
http://www.osvdb.org/32494
http://www.osvdb.org/32495
http://www.osvdb.org/32496
http://www.osvdb.org/32497
http://www.osvdb.org/32498
http://www.osvdb.org/32499
http://www.osvdb.org/32500
https://exchange.xforce.ibmcloud.com/vulnerabilities/31146
http://www.securityfocus.com/archive/1/485397/100/200/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2006-6824
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6824
History
Created Old Value New Value Data Type Notes
2022-05-10 18:10:19 Added to TrackCVE