Lucene search
K

173 matches found

CNNVD
CNNVD
added 2024/02/21 12:0 a.m.5 views

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

5.4CVSS6.3AI score0.00471EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.4 views

PT-2024-20785 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.2 Liferay DXP 7.3 before service pack 3 Liferay DXP 7.2 before fix pack 15 Description: The Calendar module in the affected software does not escape user-supplied data in the default notification emai...

5.4CVSS5.7AI score0.00471EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.4 views

Discourse Cross-Site Scripting Vulnerability

Discourse is an open source community discussion platform. The platform includes features such as community, email, and chat rooms. A cross-site scripting vulnerability exists in dicourse-calendar, which stems from improper escaping of event titles and could lead to cross-site scripting XSS...

8CVSS6.1AI score0.00501EPSS
Exploits0References4
0day.today
0day.today
added 2021/12/15 12:0 a.m.431 views

OpenEMR 6.0.0 / 6.1.0-dev SQL Injection Vulnerability

OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality. Authenticated SQL injection in OpenEMR calendar search Overview Advisory version: 1.0 Advisory status: Public Advisory URL:...

6.8CVSS0.4AI score0.13653EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/12/15 12:0 a.m.478 views

OpenEMR 6.0.0 / 6.1.0-dev SQL Injection

Trovent Security Advisory 2109-01 Authenticated SQL injection in OpenEMR calendar search Overview Advisory ID: TRSA-2109-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2109-01 Affected product: OpenEMR web application Tested versions: 6.0.0,...

0.1AI score0.13653EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2020/10/08 12:0 a.m.104 views

Fedora 31 : php (2020-94763cb98b)

PHP version 7.3.23 01 Oct 2020 Core: - Fixed bug php80048 Bug php69100 has not been fixed for Windows. cmb - Fixed bug php80049 Memleak when coercing integers to string via variadic argument. Nikita - Fixed bug php79699 PHP parses encoded cookie names so malicious Host- cookies can be sent...

6.5CVSS6.8AI score0.05029EPSS
Exploits1References3
CNVD
CNVD
added 2019/05/31 12:0 a.m.2 views

Vtiger CRM SQL Injection Vulnerability (CNVD-2019-16507)

Vtiger CRM is a set of customer relationship management system CRM based on SugarCRM developed by American Vtiger. The management system provides management, collection and analysis of customer information and other functions. A SQL injection vulnerability exists in the...

8.8CVSS8AI score0.01461EPSS
Exploits1References1
OSV
OSV
added 2019/05/24 6:29 p.m.3 views

CVE-2016-10754

modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter...

8.8CVSS5.8AI score0.01461EPSS
Exploits1References2
Openbugbounty
Openbugbounty
added 2018/05/28 1:33 a.m.10 views

rotman-baycrest.on.ca XSS vulnerability

Open Bug Bounty ID: OBB-623369 Description| Value ---|--- Affected Website:| rotman-baycrest.on.ca Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
OSV
OSV
added 2017/11/20 8:29 p.m.22 views

CVE-2017-16906

In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar - New Event" action...

5.4CVSS5.6AI score
Exploits0References4
CNVD
CNVD
added 2016/09/23 12:0 a.m.3 views

Tiki Wiki CMS Calendar Remote Code Execution Vulnerability

Tiki Wiki CMS Groupware is a suite of open source content management and portal applications from the Tiki software community that can be used to create web applications, portals, corporate intranets, extranets, and more. A remote code execution vulnerability exists in the viewmode parameter of t...

8.2AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2016/07/12 12:0 a.m.2 views

Tiki-Wiki CMS Calendar Remote Command Execution

A remote command injection vulnerability exists in Tiki-Wiki CMS's calendar module. By exploiting this vulnerability, a remote attacker can execute arbitrary code on the affected server...

4.8AI score
Exploits0
UbuntuCve
UbuntuCve
added 2016/05/22 8:59 p.m.20 views

CVE-2016-2156

calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a...

4.3CVSS6.8AI score0.01693EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 calendar Module day Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/8393/info PHP Website is a web site content management system that allows for easy maintainance and administration of interactive community-driven websites. Cross-site vulnerabilities have been reported in the Calendar,...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

PHP Website 0.7.3/0.8.2/0.8.3/0.9.2 Calendar Module SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/8390/info Multiple SQL injection vulnerabilities have been reported in PHP Website. These issue may be exploited by sending a malicious request to the calendar script. Possible consequencs of exploitation include compromi...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

NukeCalendar 1.1 .a eid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Calendar Module 1.5.7 For Mambo Com_Calendar.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19027/info The Calendar module for Mambo is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

NukeCalendar 1.1 .a eid Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...

7.1AI score
Exploits0
NVD
NVD
added 2013/11/14 8:55 p.m.13 views

CVE-2013-6794

Cross-site scripting XSS vulnerability in the Calendar module in Olat 7.8.0.1 b20130821 N1 allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

4.3CVSS5.6AI score0.01423EPSS
Exploits0References1
NVD
NVD
added 2013/11/14 8:55 p.m.13 views

CVE-2013-6793

Multiple cross-site scripting XSS vulnerabilities in the Calendar module in Olat 7.8.0.1 b20130821 N1 allow remote attackers to inject arbitrary web script or HTML via the 1 event name or 2 date field...

4.3CVSS5.8AI score0.03217EPSS
Exploits1References5
Rows per page
Query Builder