The exploit demonstrates an HTML injection vulnerability in Flat Calendar by injecting a script tag that triggers a JavaScript alert. This confirms the lack of proper input sanitization, allowing arbitrary HTML/JS execution in the context of the affected site.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:Flat Calendar (version unspecified)
No auth needed
Prerequisites:User-supplied input field vulnerable to HTML injection