MEDIUM
PHP Calendar
CVE published 2017-03-05
CVE-2017-6485
CVE-2017-6485 is a cross-site scripting (XSS) vulnerability in php-calendar. The issue comes from insufficient filtering of user-supplied data in the errorMsg parameter passed to php-calendar-master/error.php, allowing an attacker to inject HTML or script content into a victim’s browser in the context of the vulnerable site. NVD classifies the weakness as CWE-79 and rates the issue CVSS 3.0 6.1 (Medium). [truncated]