jetlib.sec » Bugtraq » Webcalendar 1.2.4 'location' XSS

Feeds

132963 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Bugtraq

• January 20, 2012
• 

  Webcalendar 1.2.4 'location' XSS

  Posted: January 20th, 2012, 9:01am PST

  Tags:   

  Posted by tom on Jan 20

  # Exploit Title: Webcalendar 1.2.4 'location' XSS
  # Date: 01/11/12
  # Author: G13
  # Software Link:
  https://sourceforge.net/projects/webcalendar/?source=directory
  # Version: 1.2.5
  # Category: webapps (php)
  #
  
  ##### Vulnerability #####
  
  There is no sanitation on the input of the location variable. This
  allows malicious scripts to be added. This is a stored XSS
  
  ##### Vendor Notification #####
  
  01/11/12 - Vendor Notified
  01/19/12 - No...