10 matches found
CVE-2022-0389
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
SUSE CVE-2017-0895
Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed...
CVE-2022-0389
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0389
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0389
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0389 WP Time Slots Booking Form < 1.1.63 - Admin+ Stored Cross-Site Scripting
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress WP Time Slots Booking Form Plugin versions prior to...
PT-2019-2928 · Cyrus +4 · Cyrus Imap +4
Name of the Vulnerable Software and Affected Versions: Cyrus IMAP versions 2.5.x through 2.5.12 Cyrus IMAP versions 3.0.x through 3.0.9 Description: The issue is related to the CalDAV feature in the httpd server of Cyrus IMAP, which allows remote attackers to execute arbitrary code via a crafted...
Nextcloud Server Information Disclosure Vulnerability (CNVD-2017-07533)
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. An information disclosure vulnerability exists in Nextcloud Server versions prior to 10.0.4 and versions prior to 11.0....