VYPR
Unrated severityNVD Advisory· Published Aug 21, 2009· Updated Jun 16, 2026

CVE-2008-7018

CVE-2008-7018

Description

Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php.

Affected products

2
  • cpe:2.3:a:nashtech:easy_php_calendar:6.3.25:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:nashtech:easy_php_calendar:6.3.25:*:*:*:*:*:*:*
    • (no CPE)range: = 6.3.25

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.