WebCalendar 0.9.x colors.php color XSS

2003-09-03T00:00:00
ID EDB-ID:23097
Type exploitdb
Reporter noconflic
Modified 2003-09-03T00:00:00

Description

WebCalendar 0.9.x colors.php color XSS. Webapps exploit for PHP platform.

                                        
source: http://www.securityfocus.com/bid/8539/info

It has been reported that WebCalendar is prone to multiple cross-site scripting vulnerabilities in various modules. The issues exist in the includes/js/colors.php, week.php, day.php, month.php, week_details.php, view_l.php, view_m.php, view_t.php, view_v.php, view_w.php, and week_details.php modules of the software. The vulnerabilities may allow an attacker to create a malicious link containing HTML or script code that may be rendered in a user's browser.

Successful exploitation of this issue may allow an attacker to steal cookie-based credentials. Other attacks may well be possible.

http://www.example.com/webcalendar/colors.php?color=</script><script>alert(document.cookie)</script>
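
A server-side mitigation for the color parameter, shown as an added example and not WebCalendar's own code. It assumes the value is echoed into an inline script block, which the `</script>` prefix in the URL above suggests; the function names validated_color and js_string are hypothetical.

```php
<?php
// Added example: hypothetical handling of a "color" query parameter.
// Not WebCalendar source; in a real page $raw would come from $_GET['color'].

// Accept only #RGB / #RRGGBB hex values or a plain alphabetic colour name.
// Anything else falls back to a fixed default instead of being echoed.
function validated_color($raw, $default = '#FFFFFF')
{
    if (!is_string($raw)) {
        return $default;            // rejects arrays such as ?color[]=x and null
    }
    if (preg_match('/\A#(?:[0-9A-Fa-f]{3}|[0-9A-Fa-f]{6})\z/', $raw)) {
        return strtoupper($raw);
    }
    if (preg_match('/\A[A-Za-z]{3,20}\z/', $raw)) {
        return strtolower($raw);
    }
    return $default;
}

// Encode a value as a JavaScript string literal for an inline <script> block.
// JSON_HEX_TAG emits "<" and ">" as \u003C / \u003E, so the value cannot
// close the script element even if validation is weakened later.
function js_string($value)
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

// Constructed sample inputs: two legitimate colours, then the value
// carried by the URL quoted in this advisory.
$samples = array(
    '#a0c4ff',
    'navy',
    '</script><script>alert(document.cookie)</script>',
);

foreach ($samples as $raw) {
    $color = validated_color($raw);
    echo '<script>var color = ', js_string($color), ";</script>\n";
}
```

The third sample fails both patterns, so the page emits the default `"#FFFFFF"` and no attacker-supplied markup reaches the response.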