[原文]** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146.
CalendarScript was reported to contain a flaw that allows a remote cross site scripting. Original reports indicated the calendar.pl script was prone to XSS attacks in the 'template' or 'username' variables. Subsequent reports from the vulnerability researcher and vendor indicate these were incorrect findings, and no such attack can be carried out.
The vulnerability reported is incorrect. No solution required.