16 matches found
Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting
Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2020-26153 info:...
CVE-2026-26153
Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally...
CVE-2026-26153 Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability
...
CVE-2020-26153
A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page paramete...
CVE-2025-26153
creationtimestamp| type| source
---|---|---
2025-04-16 22:43:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmxo3ko6t52q
2025-04-17 00:25:50+00:00| seen| https://t.me/cvedetector/23176
2025-04-18 12:58:29+00:00| published-proof-of-concept|...
CVE-2025-26153
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message...
CVE-2024-26153
creationtimestamp| type| source
---|---|---
2025-01-17 16:56:59+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2158
2025-01-17 17:15:40+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfxcbp3fk72r
2025-01-17 18:39:39+00:00| seen|...
CVE-2024-26153 ETIC Telecom Remote Access Server (RAS) Cross-Site Request Forgery
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). An external attacker with no access to the device can force the end user into submitting a "setconf" method request, not requiring any CSRF token, which can lead into denial of...
CVE-2024-26153
CVE-2024-26153 affects ETIC Telecom Remote Access Server (RAS) versions prior to 4.9.19. The issue is a CSRF flaw in the web portal that allows an external attacker with no device access to coerce an end user into submitting a setconf request without a CSRF token, potentially causing device denia...
CVE-2024-26153 ETIC Telecom Remote Access Server (RAS) Cross-Site Request Forgery
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). An external attacker with no access to the device can force the end user into submitting a "setconf" method request, not requiring any CSRF token, which can lead into denial of...
CVE-2023-26153
Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the...
CVE-2023-26153
CVE-2023-26153 affects geokit-rails before 2.5.0. Root cause: unsafe YAML deserialization in the geo_location cookie, enabling remote command execution via a forged cookie. This is a cookie‑level, client-supplied input issue that can be exploited to execute commands on the host. Documented impact...
CVE-2020-26153
A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page paramete...
CVE-2020-26153
A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page paramete...
CVE-2020-26153
A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page paramete...
CVE-2020-26153
Summary: CVE-2020-26153 remains a documented XSS vulnerability affecting the Event Espresso Core-Reg plugin (WordPress) prior to 4.10.7.p. The weakness is in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php, where the page parameter is n...