Unfixed XSS vulnerability at phpicalendar.net

2008-06-19T00:00:00
ID XSSED:42712
Type xssed
Reporter tenest
Modified 2008-09-07T00:00:00

Description

Security researcher tenest, has submitted on 19/06/2008 a cross-site-scripting (XSS) vulnerability affecting phpicalendar.net, which at the time of submission ranked 268070 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 09/07/2008. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.

Vulnerable URL: http://phpicalendar.net/phpicalendar/search.php?cpath=&cal=http%253A%252F%252Fdimer.tamu.edu%252Fcalendars%252Fseminars%252FBiochem.ics%2Chttp%253A%252F%252Fdimer.tamu.edu%252Fcalendars%252Fseminars%252FBiology%252520Seminars.ics%2CHome%2CUS%2BHolidays%2CWork&getdate=20080424&query=%22onmouseover%3D%22alert%281%29&submit.x=0&submit.y=0&submit=Search