Lucene search
Mike993B9584C87-60E8-4A03-9E79-5F1E2D595361HistoryOct 19, 2022 - 1:46 p.m.
Stored XSS
2022-10-1913:46:46
mike993
www.huntr.dev
10
webcalendar
stored xss
event location
EPSS
0.001
Percentile
21.3%
Description
webcalendar has a feature to add event and display the location of it. This feature lead to stored xss everytime a user open the calendar or the event detail page.
Proof of Concept
- 1- login as user
- 2- create an event
- 3- insert the payload on βlocationβ field
- 4- Save
- 5- Go back to the calendar
- 6- XSS
#PAYLOAD
"><svg><animatetransform onbegin=alert(document.cookie)>
Related
osv
osv
CVE-2023-0289
2023-01-13 16:15:09
nvd
nvd
CVE-2023-0289
2023-01-13 16:15:09
prion
prion
Cross site scripting
2023-01-13 16:15:00
cvelist
cvelist
CVE-2023-0289 Cross-site Scripting (XSS) - Stored in craigk5n/webcalendar
2023-01-13 00:00:00
cve
cve
CVE-2023-0289
2023-01-13 16:15:09