Search...

PHP Booking Calendar 10e XSS

2011-12-26T00:00:00

ID SECURITYVULNS:DOC:27493
Type securityvulns
Reporter Securityvulns
Modified 2011-12-26T00:00:00

Description

Exploit Title: PHP Booking Calendar 10e XSS

Date: 12/16/11

Author: G13

Software Link: http://sourceforge.net/projects/bookingcalendar/

Version: 10e

Category: webapps (php)

Vulnerability

The page_info_message varibale in the details_view.php does not sanitize input. This is a relective XSS attack.

Exploit

http://127.0.0.1/cal/details_view.php?event_id=1&date=2011-12-01&view=month&loc=loc1&page_info_message=[XSS]

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:27493", "bulletinFamily": "software", "title": "PHP Booking Calendar 10e XSS", "description": "# Exploit Title: PHP Booking Calendar 10e XSS\r\n# Date: 12/16/11\r\n# Author: G13\r\n# Software Link: http://sourceforge.net/projects/bookingcalendar/\r\n# Version: 10e\r\n# Category: webapps (php)\r\n#\r\n\r\n##### Vulnerability #####\r\n\r\nThe page_info_message varibale in the details_view.php does not \r\nsanitize input. This is a relective XSS attack.\r\n\r\n##### Exploit #####\r\n\r\nhttp://127.0.0.1/cal/details_view.php?event_id=1&date=2011-12-01&view=month&loc=loc1&page_info_message=[XSS]\r\n", "published": "2011-12-26T00:00:00", "modified": "2011-12-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27493", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:43", "edition": 1, "viewCount": 46, "enchantments": {"score": {"value": 2.2, "vector": "NONE"}, "dependencies": {"references": []}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12117"]}]}, "exploitation": null, "vulnersScore": 2.2}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}