Unrated severityNVD Advisory· Published May 25, 2010· Updated Apr 29, 2026
CVE-2010-2041
CVE-2010-2041
Description
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters.
Affected products
18cpe:2.3:a:php-calendar:php-calendar:0.1:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:php-calendar:php-calendar:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:2.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:php-calendar:php-calendar:*:beta6:*:*:*:*:*:*range: <=2.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- www.securityfocus.com/bid/40334nvdPatch
- secunia.com/advisories/33899nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1202nvdVendor Advisory
- packetstormsecurity.org/1005-advisories/phpcalendar-xss.txtnvd
- php-calendar.blogspot.com/2010/05/php-calendar-20-beta7.htmlnvd
- www.securityfocus.com/archive/1/511395/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/58861nvd
News mentions
0No linked articles in our index yet.