Vendor: Helios Calendar
By:
CVSS: 7.5 HIGH
CWE: 79 (Cross-Site Scripting)
Product Name: Helios Calendar
Affected Version From: 1.2.1 Beta
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Helios Calendar Cross-Site Scripting Vulnerability

The Helios Calendar application is prone to a cross-site scripting vulnerability. This vulnerability occurs due to insufficient sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary HTML or script code in the context of a user's browser session on an affected site. This can lead to the theft of cookie-based authentication credentials and enable further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to apply proper input sanitization and validation techniques to user-supplied data.
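
One way to apply that advice to the `username` and `msg` parameters of `admin/index.php`, as an added example that is not Helios Calendar's own code. It assumes the page re-displays `username` in the login form and that `msg` selects a status message; the function names, the allowed character set and the message texts are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical login-page fragment, not Helios Calendar source.

/** Encode a value for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 rather than returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only a bounded, conservative username (assumed policy). */
function clean_username(mixed $raw): string
{
    if (!is_string($raw) || !preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $raw)) {
        return ''; // drop unexpected input instead of trying to repair it
    }
    return $raw;
}

/** Map the numeric msg code to fixed text; the parameter itself is never echoed. */
function login_message(mixed $raw): string
{
    $messages = [1 => 'Login failed.', 2 => 'You have been logged out.']; // assumed texts
    $code = filter_var($raw, FILTER_VALIDATE_INT);
    return ($code !== false && isset($messages[$code])) ? $messages[$code] : '';
}

function render_login_form(array $query): string
{
    $username = clean_username($query['username'] ?? null);
    $message  = login_message($query['msg'] ?? null);
    // Unsafe pattern being replaced: 'value="' . $_GET['username'] . '"'
    return '<p class="msg">' . h($message) . "</p>\n"
         . '<form method="post" action="index.php">' . "\n"
         . '  <input type="text" name="username" value="' . h($username) . '">' . "\n"
         . '  <input type="password" name="password">' . "\n"
         . "</form>\n";
}

// Constructed sample query, used only when run from the command line.
$sample = ['msg' => '1', 'username' => 'admin"><b>x</b>'];
header("Content-Security-Policy: default-src 'self'"); // defence in depth
echo render_login_form(PHP_SAPI === 'cli' ? $sample : $_GET);
```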
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26312/info

Helios Calendar is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue affects Helios Calendar 1.2.1 Beta; other versions may also be affected. 

http://www.example.com/calendar/admin/index.php?msg=1&username=[XSS]