CVE-2012-0846

CVE-2012-0846 is an XSS vulnerability in Craig Knudsen WebCalendar 1.2.4 that allows remote injection of arbitrary scripts/HTML via the Location variable. The connected records for CVE-2012-5384 describe additional XSS vectors affecting the same WebCalendar product (including parameters in edit_e...

WebCalendar 1.2.4 - Remote Code Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "WebCalendar 1.2.4...

WebCalendar 1.2.4 Pre-Auth Remote Code Injection

Exploit for linux platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

Webcalendar 1.2.4 Cross Site Scripting

Exploit Title: Webcalendar 1.2.4 'location' XSS Date: 01/11/12 Author: G13 Software Link: https://sourceforge.net/projects/webcalendar/?source=directory Version: 1.2.5 Category: webapps php Vulnerability There is no sanitation on the input of the location variable. This allows malicious scripts t...