CVE-2017-6485

A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

packagechannelchannel versionpkg versionstatus
php74Extensions.calendar
nixos-unstable
2020-05-16 06:35:37 UTC (32b8ed)7.4.4vulnerable
2020-05-14 10:45:36 UTC (8ba41a)7.4.4vulnerable
2020-05-14 05:55:25 UTC (9a29fe)7.4.4vulnerable
2020-05-12 12:30:34 UTC (683c68)7.4.4vulnerable
2020-04-29 22:20:14 UTC (fce756)7.4.4vulnerable
2020-04-27 07:20:22 UTC (7c399a)7.4.4vulnerable
2020-04-21 11:50:36 UTC (22a3bf)7.4.4vulnerable
2020-04-20 18:55:24 UTC (b3c3a0)7.4.4vulnerable
2020-04-17 16:30:35 UTC (b61999)7.4.4vulnerable
2020-04-13 19:25:19 UTC (868692)7.4.4vulnerable
2020-04-13 08:25:23 UTC (81a6a8)7.4.4vulnerable
2020-04-12 06:15:29 UTC (807ca9)7.4.4vulnerable
2020-04-10 15:20:38 UTC (9b0d2f)7.4.4vulnerable
2020-04-08 01:15:40 UTC (39247f)7.4.3vulnerable
php80Extensions.calendar
nixos-unstable
2020-12-30 13:40:40 UTC (733e53)8.0.0vulnerable
2020-12-28 03:35:23 UTC (2f4765)8.0.0vulnerable
2020-12-26 19:40:21 UTC (84917a)8.0.0vulnerable
2020-12-25 22:30:40 UTC (be0b45)8.0.0vulnerable
2020-12-24 11:50:43 UTC (57a787)8.0.0vulnerable
2020-12-09 23:30:18 UTC (e9158e)8.0.0vulnerable
2020-12-07 13:45:28 UTC (83cbad)8.0.0vulnerable
2020-12-04 00:20:45 UTC (296793)8.0.0vulnerable