Bugtraq mailing list archives
PHP Booking Calendar 10e XSS
From: tom <tom () g13net com>
Date: Sun, 18 Dec 2011 15:15:36 -0500
# Exploit Title: PHP Booking Calendar 10e XSS # Date: 12/16/11 # Author: G13 # Software Link: http://sourceforge.net/projects/bookingcalendar/ # Version: 10e # Category: webapps (php) # ##### Vulnerability #####The page_info_message varibale in the details_view.php does not sanitize input. This is a relective XSS attack.
##### Exploit ##### http://127.0.0.1/cal/details_view.php?event_id=1&date=2011-12-01&view=month&loc=loc1&page_info_message=[XSS]
Current thread:
- PHP Booking Calendar 10e XSS tom (Dec 19)