Bugtraq mailing list archives
Webcalendar 1.2.4 'location' XSS
From: tom <tom () g13net com>
Date: Thu, 19 Jan 2012 22:34:46 -0500
# Exploit Title: Webcalendar 1.2.4 'location' XSS
# Date: 01/11/12
# Author: G13
# Software Link: https://sourceforge.net/projects/webcalendar/?source=directory
# Version: 1.2.5
# Category: webapps (php)
#
##### Vulnerability #####

There is no sanitization of the input of the location variable. This allows malicious scripts to be added. This is a stored XSS.

##### Vendor Notification #####

01/11/12 - Vendor Notified
01/19/12 - No response, disclosure

##### Affected Variables #####

Location=[XSS]

##### Exploit #####

The script can be added right in the page; there is no filtering of input.
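The mitigation for a stored XSS of this kind is to encode the location value for the HTML context whenever it is written into a page. The following is an added example, not code from the original post or from WebCalendar; the function names, the table markup and the sample value are hypothetical, and it assumes PHP with the mbstring extension.

```php
<?php
// Added example: hypothetical helpers, not WebCalendar's own code.

// Input side: normalise the value before storing it (no control
// characters, length cap). This limits abuse but is NOT the XSS
// defence; encoding at output time is.
function normalize_location(string $raw, int $maxLen = 100): string
{
    // preg_replace returns null on invalid UTF-8; treat that as empty.
    $clean = preg_replace('/[\x00-\x1F\x7F]/u', '', $raw) ?? '';
    return mb_substr(trim($clean), 0, $maxLen, 'UTF-8');
}

// Weak rendering: the stored value is written into the page verbatim,
// so any markup saved in the field becomes part of the document.
function render_location_unsafe(string $stored): string
{
    return '<td class="location">' . $stored . '</td>';
}

// Hardened rendering: encode for the HTML context at output time.
// ENT_QUOTES covers both quote styles, so the encoded value is also
// safe inside a quoted attribute. ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_location(string $stored): string
{
    $enc = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td class="location" title="' . $enc . '">' . $enc . '</td>';
}

// Constructed sample value: harmless markup standing in for stored input.
$stored = normalize_location("<b>Room 5</b> \"north\" wing\x00");

// The first line keeps the <b> element live in the page; the second
// shows it as literal text because <, >, and " are entity-encoded.
echo render_location_unsafe($stored), PHP_EOL;
echo render_location($stored), PHP_EOL;
```

Encoding belongs at every place the field is rendered (event view, day and month views, exports to HTML), since values already stored before a fix remain in the database.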