Events Security Vulnerabilities
6.1CVSS
6AI Score
0.001EPSS
The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL...
6.1CVSS
6AI Score
0.001EPSS
6.1CVSS
6.4AI Score
0.001EPSS
6.1CVSS
6.1AI Score
0.001EPSS
9.8CVSS
9.7AI Score
0.002EPSS
6.1CVSS
6.4AI Score
0.001EPSS
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options...
4.8CVSS
4.9AI Score
0.001EPSS
An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an...
6.1CVSS
5.8AI Score
0.004EPSS
Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events....
6.1CVSS
5.6AI Score
0.002EPSS
Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events....
6.1CVSS
5.6AI Score
0.002EPSS
Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events....
6.1CVSS
5.6AI Score
0.002EPSS
Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events....
6.1CVSS
5.6AI Score
0.002EPSS
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.4CVSS
5.4AI Score
0.001EPSS
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to...
9.8CVSS
9.9AI Score
0.003EPSS
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the...
7.5CVSS
7.5AI Score
0.001EPSS
Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q...
9.8CVSS
9.9AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.007EPSS
Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to...
5.8AI Score
0.005EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4)...
5.8AI Score
0.002EPSS
Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown...
7.5AI Score
0.014EPSS
Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct...
6.6AI Score
0.007EPSS
Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass parameter (aka pass field) to admin/index.php, or (3) the id parameter to...
8.8AI Score
0.002EPSS
SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id...
8.8AI Score
0.001EPSS
evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2)...
6.7AI Score
0.007EPSS
MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to...
6.7AI Score
0.007EPSS
SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
8.3AI Score
0.002EPSS
SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id...
8.4AI Score
0.001EPSS
PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component...
7.6AI Score
0.151EPSS
SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id...
8.4AI Score
0.002EPSS
Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to (c)...
9.1AI Score
0.009EPSS
PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir...
7.9AI Score
0.154EPSS
SQL injection vulnerability in events.php in Maian Events 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year...
8.4AI Score
0.011EPSS
SQL injection vulnerability in login.asp for WWWeb Concepts Events System 1.0 allows remote attackers to execute arbitrary SQL commands via the...
8.8AI Score
0.003EPSS