[PHPiCalendar-DEV] Fwd: PHP iCalendar Cross Site Scripting

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

It seems that something goes wrong in the RSS feed.

I've not yet followed the links mentionned, but this advisory had been
published on the bugtraq list, so it should have been validated.

Danon'.
---------- Forwarded message ----------
From: bo...@li... <bo...@li...>
Date: 28 Jun 2006 18:14:42 -0000
Subject: PHP iCalendar Cross Site Scripting
To: bu...@se...

>> K.S Advisory

>> irc.gigachat.net #kurdhack

>> Thanx : Netqurd,Azad,B3g0k,Fearless,Milex,Flot,Zay_Boy,PH,KHA,KCA and
other my friends

>> Version : All Version

Proof Of Concept :

http://www.site.com/phpicalendar/rss/index.php?cal=[XSS]

Original Advisory :

http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-12-php-icalendar.html

EoF

-- 
I'm a poor and lonesome Yaourt... (Air connu)