• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

WebCalendar Multiple Cross-Site Scripting Vulnerabilities

It has been reported that WebCalendar is prone to multiple cross-site scripting vulnerabilites in various modules. The issues exist in includes/js/colors.php, week.php, day.php, month.php, week_details.php, view_l.php, view_m.php, view_t.php, view_v.php, view_w.php, and week_details.php modules of the software. The vulneabilities may allow an attacker to create a malicious link containing HTML or sciprt code that may be rendered in a user's browser.

Successful Exploitation of this issue may allow an attacker to steal cookie-based credentials. Other attacks may well be possible.