ID SECURITYVULNS:DOC:27493
Type securityvulns
Reporter Securityvulns
Modified 2011-12-26T00:00:00
Description
Exploit Title: PHP Booking Calendar 10e XSS
Date: 12/16/11
Author: G13
Software Link: http://sourceforge.net/projects/bookingcalendar/
Version: 10e
Category: webapps (php)
Vulnerability
The page_info_message varibale in the details_view.php does not
sanitize input. This is a relective XSS attack.
Exploit
http://127.0.0.1/cal/details_view.php?event_id=1&date=2011-12-01&view=month&loc=loc1&page_info_message=[XSS]