PHP Booking Calendar 10e – ‘page_info_message’ Cross-Site Scripting

Exploit Database
15 阅读

作者： G13

日期： 2011-12-19
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36468/

source: https://www.securityfocus.com/bid/51119/info

PHP Booking Calendar is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

PHP Booking Calendar 10e is vulnerable; other versions may also be affected. 

http://www.example.com/cal/details_view.php?event_id=1&date=2011-12-01&view=month&loc=loc1&page_info_message=[XSS]

last Exploits
PHP Booking Calendar 10e – ‘page_info_message’ Cross-Site Scripting的更多信息

NeoBill – ‘/modules/nullregistrar/PHPwhois/example.php?query’ Remote Code Execution：
BS Scripts Directory – ‘info.php’ SQL Injection：
Layout CMS 1.0 – SQL Injection / Cross-Site Scripting：
Joomla! Component com_science – SQL Injection：
PHP Ticket System Beta 1 – ‘get_all_created_by_user.php?id’ SQL Injection：
TheBlog 2.0 – Multiple Vulnerabilities：
Phpwcms 1.9.30 – Arbitrary File Upload：
Killmonster 2.1 – Authentication Bypass：