Webcalendar 1.2.4 Cross Site Scripting

Webcalendar 1.2.4 Cross Site Scripting: Posted Jan 21, 2012; Authored by G13; Webcalendar version 1.2.4 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 444d58277e10838b3f5daff614c92b32209795aadee5b0c488b80a898c820cad; Download | Favorite | View

Webcalendar 1.2.4 Cross Site Scripting

# Exploit Title: Webcalendar 1.2.4 'location' XSS
# Date: 01/11/12
# Author: G13
# Software Link: 
https://sourceforge.net/projects/webcalendar/?source=directory
# Version: 1.2.5
# Category: webapps (php)
#

##### Vulnerability #####

There is no sanitation on the input of the location variable.  This 
allows malicious scripts to be added.  This is a stored XSS

##### Vendor Notification #####

01/11/12 - Vendor Notified
01/19/12 - No response, disclosure

##### Affected Variables #####

Location=[XSS]

##### Exploit #####

The script can be added right in the page, there is no filtering of 
input.

Top Authors In Last 30 Days

Red Hat 163 files
Ubuntu 101 files
indoushka 64 files
Debian 24 files
nu11secur1ty 19 files
Apple 13 files
CraCkEr 8 files
Google Security Research 7 files
Gentoo 7 files
LiquidWorm 4 files

File Archives

Systems

AIX (428)
Apple (2,016)
BSD (374)
CentOS (57)
Cisco (1,925)
Debian (6,844)
Fedora (1,692)
FreeBSD (1,245)
Gentoo (4,329)
HPUX (879)
iOS (355)
iPhone (108)
IRIX (220)
Juniper (68)
Linux (46,815)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (485)
RedHat (13,916)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,940)
UNIX (9,317)
UnixWare (186)
Windows (6,588)
Other

Webcalendar 1.2.4 Cross Site Scripting

Webcalendar 1.2.4 Cross Site Scripting

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Webcalendar 1.2.4 Cross Site Scripting

Share This

Webcalendar 1.2.4 Cross Site Scripting

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems