Lucene search

K

SecurityvulnsSECURITYVULNS:DOC:27493

HistoryDec 26, 2011 - 12:00 a.m.

PHP Booking Calendar 10e XSS

2011-12-2600:00:00

vulners.com

67

Exploit Title: PHP Booking Calendar 10e XSS

Date: 12/16/11

Author: G13

Software Link: http://sourceforge.net/projects/bookingcalendar/

Version: 10e

Category: webapps (php)

Vulnerability

The page_info_message varibale in the details_view.php does not
sanitize input. This is a relective XSS attack.

Exploit

http://127.0.0.1/cal/details_view.php?event_id=1&date=2011-12-01&view=month&loc=loc1&page_info_message=[XSS]