CVE-2006-1835

Calendarix - Cross-Site Scripting via ycyear Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1835. PoCs published by botan.

AI-analyzed exploit summary This is a writeup describing a cross-site scripting (XSS) vulnerability in Calendarix. The vulnerability allows arbitrary script execution in the context of the affected site due to improper input sanitization in the 'ycyear' parameter.

Description

Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by botan · textwebappsphp

https://www.exploit-db.com/exploits/27665

View Code ZIP pw:eip

This is a writeup describing a cross-site scripting (XSS) vulnerability in Calendarix. The vulnerability allows arbitrary script execution in the context of the affected site due to improper input sanitization in the 'ycyear' parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Calendarix (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable Calendarix application

MITRE ATT&CK