ActiveCalendar data/y_2.php css Variable XSS

2007-02-24T07:17:11
ID OSVDB:33152
Type osvdb
Reporter Simon Bonnard(simon.itsecurity@gmail.com)
Modified 2007-02-24T07:17:11

Description

Vulnerability Description

ActiveCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the 'y_2.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ActiveCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the 'y_2.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[VICTIM]/activecalendar/data/y_2.php?css="><script>alert(document.cookie)</script>
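A defensive illustration of the flaw class, added here and not taken from ActiveCalendar's source (the function names are hypothetical; it assumes, consistent with the leading "> in the test URL above, that y_2.php places the css value inside a quoted attribute of a stylesheet link):

```php
<?php
// Added example, not ActiveCalendar's code. Assumes y_2.php reflects the
// "css" request parameter inside a quoted attribute of a <link> tag.

// Vulnerable pattern: the raw parameter is concatenated straight into HTML,
// so a value beginning with "> closes the attribute and the tag.
function stylesheet_link_vulnerable(string $css): string
{
    return '<link rel="stylesheet" type="text/css" href="' . $css . '">';
}

// Hardened pattern, two independent layers:
//  1. Allow-list: the parameter may only name a stylesheet the application
//     actually ships, so arbitrary values never reach the page at all.
//  2. Output encoding: even an allowed value is HTML-attribute encoded, so a
//     later change to the allow-list cannot reintroduce the injection.
function stylesheet_link_safe(string $css, array $allowed = ['default', 'dark']): string
{
    if (!in_array($css, $allowed, true)) {
        $css = $allowed[0];                // fall back to the default theme
    }
    $href = htmlspecialchars($css . '.css', ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<link rel="stylesheet" type="text/css" href="' . $href . '">';
}

// Constructed input of the kind the advisory describes.
$input = '"><script>alert(1)</script>';
echo stylesheet_link_vulnerable($input), "\n"; // attribute broken out of; <script> lands in the page
echo stylesheet_link_safe($input), "\n";       // rejected by the allow-list; emits default.css
echo stylesheet_link_safe('"odd"', ['"odd"']), "\n"; // allow-listed but still encoded: &quot;odd&quot;.css
```

Detection on the server side is straightforward: a request to y_2.php whose css parameter contains <, >, or a quote character is never legitimate for a stylesheet name and can be logged or blocked at the web server or WAF.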

References:

Vendor URL: http://www.micronetwork.de/activecalendar/
Related OSVDB ID: 33147
Related OSVDB ID: 33150
Related OSVDB ID: 33144
Related OSVDB ID: 33146
Related OSVDB ID: 33153
Related OSVDB ID: 33145
Related OSVDB ID: 33148
Related OSVDB ID: 33149
Related OSVDB ID: 33151
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0467.html
ISS X-Force ID: 32690
FrSIRT Advisory: ADV-2007-0759
CVE: CVE-2007-1111
Bugtraq ID: 22705