On Sun, Dec 18, 2011 at 03:15:36PM -0500, tom wrote:
> # Exploit Title: PHP Booking Calendar 10e XSS
> # Date: 12/16/11
> # Author: G13
> # Software Link: http://sourceforge.net/projects/bookingcalendar/
> # Version: 10e
> # Category: webapps (php)
> #
>
> ##### Vulnerability #####
>
> The page_info_message variable in the details_view.php does not
> sanitize input. This is a reflective XSS attack.
>
> ##### Exploit #####
>
> http://127.0.0.1/cal/details_view.php?event_id=1&date=2011-12-01&view=month&loc=loc1&page_info_message=[XSS]

CVE-2011-5045 can be used for this issue.

- Henri Salo
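
For operators still running an affected install, a log check for the request pattern reported above. This is an added example, not part of the original thread or the project's code. It assumes Apache-style access log lines; the sample lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line inside a common/combined log format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that can break out of HTML text or a quoted attribute. The page
# does not say where the value is reflected, so this set is an assumption.
HTML_META = set('<>"')
MAX_DECODE_ROUNDS = 3

def fully_decode(value):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(log_lines):
    """Return (line_number, decoded_value) for requests to details_view.php
    whose page_info_message parameter carries HTML metacharacters."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/details_view.php"):
            continue
        # parse_qs already performs the first round of percent-decoding.
        params = parse_qs(url.query, keep_blank_values=True)
        for raw in params.get("page_info_message", []):
            value = fully_decode(raw)
            if HTML_META & set(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Dec/2011:15:20:01 -0500] "GET /cal/details_view.php?event_id=1&date=2011-12-01&view=month&loc=loc1&page_info_message=Event+saved HTTP/1.1" 200 5120',
    '192.0.2.11 - - [18/Dec/2011:15:21:07 -0500] "GET /cal/details_view.php?event_id=1&page_info_message=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 5144',
    '192.0.2.12 - - [18/Dec/2011:15:22:40 -0500] "GET /cal/details_view.php?event_id=1&page_info_message=%253Cb%253Ehi HTTP/1.1" 200 5130',
    '192.0.2.13 - - [18/Dec/2011:15:23:02 -0500] "GET /cal/index.php?page_info_message=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in flag_requests(SAMPLE_LOG):
        print(number, repr(value))
```

Hits are leads for review, not proof of a successful injection: the response body would show whether the value was reflected unescaped.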