Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » PostCalendar 3.0 Cross Site Scripting Vulnerability

PostCalendar 3.0 Cross Site Scripting Vulnerability

by Nikola Strahija on April 22nd, 2002 PostCalendar 3.0 is a module for PHP-Nuke that provides an interactive events calendar that users can add entries to. Under certain conditions it fails to strip HTML or Script from user supplied data, allowing malicious code to be injected into event listings by users.


This is accomplished by submitted a normal plain-text event (as a logged in user), proceeding to the preview screen and added the HTML or script from there.


Remote: Yes

Exploit: NO exploit


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »