CVE-2007-3182
Calendarix 0.7.20070307 - Cross-Site Scripting via year, month, and leftfooter Parameters
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-3182. PoCs published by Jesper Jurcenoks.
AI-analyzed exploit summary
The provided text describes multiple XSS vulnerabilities in Calendarix 0.7 due to improper input sanitization. It includes example URLs demonstrating how arbitrary script code can be executed in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835.
Exploits (1)
The provided text describes multiple XSS vulnerabilities in Calendarix 0.7 due to improper input sanitization. It includes example URLs demonstrating how arbitrary script code can be executed in the context of the affected site.