PHP iCalendar 1.12.x - day.php Cross-Site Scripting

2006-12-27T00:00:00
ID EXPLOITPACK:DF9671D9F1F67EB30AE1A78683FB23FA
Type exploitpack
Reporter Lostmon
Modified 2006-12-27T00:00:00

Description

PHP iCalendar 1.12.x - day.php Cross-Site Scripting

                                        
                                            source: https://www.securityfocus.com/bid/21792/info

PHP icalendar is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. 

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.example.com/phpicalendar/day.php?cal=all_calendars_combined971 &getdate=20061225"><script>alert()</script>