
19 matches found

Nuclei
added 2026/04/09 3:47 a.m. · 26 views

GestSup - Cross-Site Scripting

GestSup allows its users to add events to the calendar of all users. This is the HTTP request sent when a user adds an event to their calendar. id: CVE-2024-23167 info: name: GestSup - Cross-Site Scripting author: eeche,chae1xx1os,persona-twotwo,soonghee2,gy741 severity: high description: | GestS...

5.9 AI score
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-8076

Malware in sbrugna...

5.4 CVSS · 5.3 AI score · 0.00249 EPSS
Exploits 1 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-53103

Malicious code in bioql PyPI...

5.4 CVSS · 6.6 AI score · 0.00204 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/05/22 10:26 p.m. · 3 views

CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

6.1 CVSS · 6.7 AI score · 0.88633 EPSS
Exploits 2 · References 1
Positive Technologies
added 2024/12/22 12:0 a.m. · 2 views

PT-2024-36784 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap versions through 14.9.6. Description: A stored cross-site scripting (XSS) vulnerability in the Calendar feature allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the...

5.4 CVSS · 5.4 AI score · 0.00204 EPSS
Exploits 1 · References 10
Vulnrichment
added 2024/12/22 12:0 a.m. · 8 views

CVE-2024-56313

A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of...

5.3 AI score · 0.00204 EPSS
Exploits 1 · References 2
CNNVD
added 2024/03/07 12:0 a.m. · 4 views

Schoolbox Cross-Site Scripting Vulnerability

Schoolbox is an online learning platform from Schoolbox Australia. A cross-site scripting vulnerability exists in Schoolbox versions prior to 23.1.3, which stems from a cross-site scripting vulnerability in the Calendar feature that allows an authenticated attacker to perform a secure operation i...

7.3 CVSS · 6 AI score · 0.00115 EPSS
Exploits 0 · References 3
NVD
added 2023/11/28 4:15 a.m. · 12 views

CVE-2023-32063

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1...

5 CVSS · 0.00195 EPSS
Exploits 0 · References 3
OSV
added 2023/11/28 3:30 a.m. · 16 views

CVE-2023-32063 OroCRMCallBundle has incorrect call view page visibility

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1...

5 CVSS · 4.9 AI score · 0.00195 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 4:12 a.m. · 2 views

SUSE CVE-2019-11356

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...

8.8 CVSS · 7.9 AI score · 0.28246 EPSS
Exploits 0 · References 3
Github Security Blog
added 2022/05/24 5:38 p.m. · 10 views

Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter

Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected...

6.1 CVSS · 5.8 AI score · 0.0045 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/02/09 4:15 a.m. · 36 views

CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

6.1 CVSS · 6.6 AI score · 0.88633 EPSS
Exploits 2 · References 6
NVD
added 2022/02/09 4:15 a.m. · 16 views

CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

6.1 CVSS · 0.88633 EPSS
Exploits 2 · References 6
Prion
added 2022/02/09 4:15 a.m. · 22 views

Design/Logic Flaw

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

4.3 CVSS · 6.8 AI score · 0.88633 EPSS
Exploits 2 · References 5 · Affected Software 1
CNVD
added 2021/07/09 12:0 a.m. · 5 views

IceWarp WebClient Cross-Site Scripting Vulnerability

Icewarp IceWarp WebClient is a web-based mail service client from IceWarp Icewarp. A cross-site scripting vulnerability exists in IceWarp WebClient, which stems from the P4 field of the product's Webmail Calendar feature not validating user input data. The vulnerability can be exploited to execut...

6.1 CVSS · 6.2 AI score · 0.00195 EPSS
Exploits 1 · References 1
Cvelist
added 2021/04/29 6:17 p.m. · 12 views

CVE-2020-22807

An issue was discovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature...

9.6 AI score · 0.00264 EPSS
Exploits 1 · References 1
seebug.org
added 2014/07/01 12:0 a.m. · 7 views

Kayako LiveResponse 2.0 index.php Calendar Feature Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14425/info Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilities. These issues are all related to input validation errors. The cross-site scripting and HTML...

7.1 AI score
Exploits 0
Cvelist
added 2006/06/06 8:3 p.m. · 14 views

CVE-2005-2461

Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter...

8.5 AI score · 0.00543 EPSS
Exploits 0 · References 5
NVD
added 2005/12/31 5:0 a.m. · 12 views

CVE-2005-2461

Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter...

6.4 CVSS · 8.5 AI score · 0.00543 EPSS
Exploits 0 · References 5