Home » Hacking News » PostCalendar 3.0 Cross Site Scripting Vulnerability

PostCalendar 3.0 Cross Site Scripting Vulnerability

by Nikola Strahija on April 22nd, 2002 PostCalendar 3.0 is a module for PHP-Nuke that provides an interactive events calendar that users can add entries to. Under certain conditions it fails to strip HTML or Script from user supplied data, allowing malicious code to be injected into event listings by users.

This is accomplished by submitted a normal plain-text event (as a logged in user), proceeding to the preview screen and added the HTML or script from there.

Remote: Yes

Exploit: NO exploit

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Users login

JOIN XATRIX

PostCalendar 3.0 Cross Site Scripting Vulnerability

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact