EasyCalendar SQL Injection and Cross-Site Scripting Vulnerabilities

info
discussion
exploit
solution
references

EasyCalendar SQL Injection and Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim to follow a malicious URI.

The following proof-of-concept URIs are available:

/data/vulnerabilities/exploits/28232.html