173 matches found
Liferay Portal and Liferay DXP Security Vulnerabilities
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
PT-2024-20785 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.2 Liferay DXP 7.3 before service pack 3 Liferay DXP 7.2 before fix pack 15 Description: The Calendar module in the affected software does not escape user-supplied data in the default notification emai...
Discourse Cross-Site Scripting Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email, and chat rooms. A cross-site scripting vulnerability exists in dicourse-calendar, which stems from improper escaping of event titles and could lead to cross-site scripting XSS...
OpenEMR 6.0.0 / 6.1.0-dev SQL Injection Vulnerability
OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality. Authenticated SQL injection in OpenEMR calendar search Overview Advisory version: 1.0 Advisory status: Public Advisory URL:...
OpenEMR 6.0.0 / 6.1.0-dev SQL Injection
Trovent Security Advisory 2109-01 Authenticated SQL injection in OpenEMR calendar search Overview Advisory ID: TRSA-2109-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2109-01 Affected product: OpenEMR web application Tested versions: 6.0.0,...
Fedora 31 : php (2020-94763cb98b)
PHP version 7.3.23 01 Oct 2020 Core: - Fixed bug php80048 Bug php69100 has not been fixed for Windows. cmb - Fixed bug php80049 Memleak when coercing integers to string via variadic argument. Nikita - Fixed bug php79699 PHP parses encoded cookie names so malicious Host- cookies can be sent...
Vtiger CRM SQL Injection Vulnerability (CNVD-2019-16507)
Vtiger CRM is a set of customer relationship management system CRM based on SugarCRM developed by American Vtiger. The management system provides management, collection and analysis of customer information and other functions. A SQL injection vulnerability exists in the...
CVE-2016-10754
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter...
rotman-baycrest.on.ca XSS vulnerability
Open Bug Bounty ID: OBB-623369 Description| Value ---|--- Affected Website:| rotman-baycrest.on.ca Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2017-16906
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar - New Event" action...
Tiki Wiki CMS Calendar Remote Code Execution Vulnerability
Tiki Wiki CMS Groupware is a suite of open source content management and portal applications from the Tiki software community that can be used to create web applications, portals, corporate intranets, extranets, and more. A remote code execution vulnerability exists in the viewmode parameter of t...
Tiki-Wiki CMS Calendar Remote Command Execution
A remote command injection vulnerability exists in Tiki-Wiki CMS's calendar module. By exploiting this vulnerability, a remote attacker can execute arbitrary code on the affected server...
CVE-2016-2156
calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a...
phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 calendar Module day Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/8393/info PHP Website is a web site content management system that allows for easy maintainance and administration of interactive community-driven websites. Cross-site vulnerabilities have been reported in the Calendar,...
PHP Website 0.7.3/0.8.2/0.8.3/0.9.2 Calendar Module SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/8390/info Multiple SQL injection vulnerabilities have been reported in PHP Website. These issue may be exploited by sending a malicious request to the calendar script. Possible consequencs of exploitation include compromi...
NukeCalendar 1.1 .a eid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
Calendar Module 1.5.7 For Mambo Com_Calendar.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19027/info The Calendar module for Mambo is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...
NukeCalendar 1.1 .a eid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
CVE-2013-6794
Cross-site scripting XSS vulnerability in the Calendar module in Olat 7.8.0.1 b20130821 N1 allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2013-6793
Multiple cross-site scripting XSS vulnerabilities in the Calendar module in Olat 7.8.0.1 b20130821 N1 allow remote attackers to inject arbitrary web script or HTML via the 1 event name or 2 date field...