Webcalendar 1.2.4 Cross Site Scripting

Webcalendar 1.2.4 Cross Site Scripting: Posted Jan 21, 2012; Authored by G13; Webcalendar version 1.2.4 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 444d58277e10838b3f5daff614c92b32209795aadee5b0c488b80a898c820cad; Download | Favorite | View

Webcalendar 1.2.4 Cross Site Scripting

# Exploit Title: Webcalendar 1.2.4 'location' XSS
# Date: 01/11/12
# Author: G13
# Software Link: 
https://sourceforge.net/projects/webcalendar/?source=directory
# Version: 1.2.5
# Category: webapps (php)
#

##### Vulnerability #####

There is no sanitation on the input of the location variable.  This 
allows malicious scripts to be added.  This is a stored XSS

##### Vendor Notification #####

01/11/12 - Vendor Notified
01/19/12 - No response, disclosure

##### Affected Variables #####

Location=[XSS]

##### Exploit #####

The script can be added right in the page, there is no filtering of 
input.

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Webcalendar 1.2.4 Cross Site Scripting

Webcalendar 1.2.4 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Webcalendar 1.2.4 Cross Site Scripting

Share This

Webcalendar 1.2.4 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems