19 matches found
CVE-2026-45286
Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...
PT-2026-45530
Name of the Vulnerable Software and Affected Versions: Nextcloud versions 5.5.13 through 5.5.16; Nextcloud versions 6.2.0 through 6.2.2 Description: An authenticated user can enumerate other users on the same instance. This is possible because sharing restrictions were not effectively applied to the...
PT-2026-1847
Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 2.4.5 Description: The XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page, including guest users, can exploit a SQ...
EUVD-2025-24624
Malicious code in bioql PyPI...
ProxyVulns
ProxyVulns ProxyLogon Usage: python3 26855.py 1.1.1.1 ProxyOracle url Once a victim clicks this link, evil.com will receive the cookies...
CVE-2025-45314
A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function...
CVE-2025-45314
CVE-2025-45314 describes an XSS in hortusfox-web v4.4 affecting the /Calendar endpoint, where a crafted payload injected into the add function allows arbitrary JavaScript execution in a user’s browser. The vulnerability is evidenced across multiple sources in the connected documents, including Re...
PT-2025-33061 · Unknown · Hortusfox-Web
Name of the Vulnerable Software and Affected Versions: hortusfox-web version 4.4 Description: A cross-site scripting (XSS) issue exists in the /Calendar endpoint of hortusfox-web version 4.4. Attackers can execute arbitrary JavaScript in a user's browser through a crafted payload injected into the...
HortusFox Security Vulnerability
HortusFox is a free and open source self-hosted plant manager system from HortusFox, Inc. A security vulnerability exists in HortusFox v4.4 that stems from a cross-site scripting attack due to misuse of the add function in the /Calendar endpoint...
CVE-2024-50599
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in the...
PT-2024-7919 · Zimbra · Zimbra Collaboration Suite
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite version 8.8.15 Description: A reflected Cross-Site Scripting (XSS) issue has been identified, arising from improper handling of user-supplied input. This allows an attacker to inject malicious code that is reflected...
CVE-2024-50599
CVE-2024-50599 describes a reflected Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting a webmail calendar endpoint. The issue arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in...
Zimbra Collaboration Suite Cross-Site Scripting Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite version 8.8.15, which stems from the lack of effective filtering...
CVE-2016-1000271
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat0=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server...