lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 29 Jul 2015 20:33:01 -0300
From: Luciano Pedreira <>
To: bugtraq <>,
	fulldisclosure <>
Subject: [FD] Fwd: CVE_for_Vulnerability_theholidaycalendar

---------- Forwarded message ----------
From: Luciano Pedreira <>
Date: 2015-07-20 10:06 GMT-03:00
Subject: CVE_for_Vulnerability_theholidaycalendar


In a recent research conducted in the "The Holiday Calendar" plugin ( / I found vulnerability
related at Cross Site Scripting.

. The Holiday Calendar plugin Cross Site Scripting Issues

This problem was confirmed in the following versions of the "The Holiday
Calendar", other prior versions maybe also affected.

Version: 1.11.2
(Tested with Mozilla Firefox Browser)


The "The Holiday Calendar" plugin ( / is affected by Cross
Site Scripting. The variable "thc-month" do not sanitize input data,
allowing attacker to store malicious javascript code in a page.

Proof of Concept to exploit the vulnerability:


This vulnerability was discovered and researched by Luciano Pedreira
(a.k.a. shark)

I wonder how to create a CVE for this publication?

best regards,

Luciano Pedreira

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists