25 matches found
CVE-2023-4021
The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
VulnCheck KEV: CVE-2022-1006
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks...
WordPress Booking Calendar Pro plugin <= 11.2.19 - Reflected Cross-Site Scripting via 'calendar_id' vulnerability
Reflected Cross-Site Scripting via 'calendarid' vulnerability discovered by vgo0 in WordPress Plugin Booking Calendar Pro WpDevArt versions = 11.2.19...
WordPress plugin Booking Calendar 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-48839
Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
CVE-2023-48839
Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
CVE-2023-48836
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
CVE-2023-48836
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
CVE-2023-48828
Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
CVE-2023-48827
Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
CVE-2023-48828
Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
CVE-2023-48836
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
PT-2023-30982 · Unknown · Appointment Scheduler
Name of the Vulnerable Software and Affected Versions: Appointment Scheduler version 3.0 Description: The issue concerns Multiple Stored Cross-Site Scripting XSS problems. These issues can be exploited via several parameters, including name, plugin sms api key, plugin sms country code, calendar i...
CVE-2023-38881
A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendarid', 'schooldate', 'month' or 'year'...
CVE-2023-4021
The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-4021
The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-4021 Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-4021 Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-4021
CVE-2023-4021 affects the WordPress plugin Modern Events Calendar Lite. Multiple connected sources confirm a Stored Cross-Site Scripting (XSS) flaw in versions up to, but not including, 7.1.0, caused by insufficient input sanitization and output escaping of a Google API key and Calendar ID. Explo...
WordPress Plugin Modern Events Calendar lite Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...