CVE-2020-37081

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...

EUVD-2020-30994

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...

PT-2024-34428 · Unknown · Kashipara E-Learning Management System Project

Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System Project version 1.0 Description: A SQL Injection issue was found in the /admin/calendar of events.php page of the kashipara E-learning Management System Project. The vulnerability is exploitable via the...

CVE-2024-46409

A stored cross-site scripting XSS vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page...

CVE-2024-46409

A stored cross-site scripting XSS vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page...

CVE-2024-46409

A stored cross-site scripting XSS vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page...

CVE-2024-46409

A stored cross-site scripting XSS vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page...

CVE-2024-46409

CVE-2024-46409 concerns SeedDMS v6.0.28 with a stored XSS vulnerability. The issue arises from insufficient filtering/escaping of user-supplied data in the Name parameter on the Calendar page, allowing an attacker to inject and execute arbitrary web scripts or HTML when the page is viewed. Multip...

SUSE CVE-2006-3257

Multiple cross-site scripting XSS vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including 1 calendar/myagenda.php, 2 document/document.php, 3 phpbb/newtopic.php, 4 tracking/userLog.php, and 5 wiki/page.php...

CVE-2021-25061

The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page...

Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting XSS vulnerability. The Payload will then be triggered when an admin visits the...

Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting XSS vulnerability. The Payload will then be triggered when an admin visits the...

parkridgenjchamber.com XSS vulnerability

Open Bug Bounty ID: OBB-662009 Description| Value ---|--- Affected Website:| parkridgenjchamber.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

lincolnplazahotel.net XSS vulnerability

Vulnerable URL: http://www.lincolnplazahotel.net/calendar/calendar.asp?insertTo=1"...

ok.gov XSS vulnerability

Vulnerable URL: https://www.ok.gov/triton/modules/calendar/calendar.php?eventtypeseq=1"...

mi11.sparinc.com XSS vulnerability

Vulnerable URL: http://mi11.sparinc.com/pdcs/Calendar.asp?SAT==visitdt=jwtfrm=1"...

ocdsb.ca XSS vulnerability

Vulnerable URL: http://www.ocdsb.ca/calendar/test/flip/bookContent.swf?currentHTMLURL=data:text/html;base64,PHNjcmlwdD5hbGVydCgnT1BFTiBCVUdCT1VOVFknKTwvc2NyaXB0Pg== Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

stroudhigh.gloucs.sch.uk XSS vulnerability

Vulnerable URL: http://stroudhigh.gloucs.sch.uk/calendar/event/Student-Council-PM-Reg-P5/?caltime="'--! Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 4574551 VIP website status:| ...

CVE-2015-8685

Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 external calendar url or 2 the bank name field in the "import external calendar" page...

UBUNTU-CVE-2015-8685

Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 external calendar url or 2 the bank name field in the "import external calendar" page...