Lucene search
K

57 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/05/22 4:16 a.m.22 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to an authenticated user accessing sensitive information (CVE-2024-31893, CVE-2024-31894 & CVE-2024-31895)

Summary IBM App Connect Enterprise Discovery Connector nodes for Calendly, Docusign and Square are vulnerable to an authenticated user accessing sensitive information. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-31893 DESCRIPTION:...

6.5CVSS3.9AI score0.00275EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/04/26 8:15 a.m.16 views

CVE-2024-3890

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.0034EPSS
Exploits0References2
OSV
OSV
added 2024/04/26 8:15 a.m.4 views

CVE-2024-3890

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS5.9AI score0.0034EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/26 7:28 a.m.10 views

CVE-2024-3890 Happy Addons for Elementor <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly Widget

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/26 12:24 a.m.5 views

WordPress Happy Addons for Elementor plugin <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Calendly Widget vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Happy Addons for Elementor versions = 3.10.6...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/26 12:0 a.m.3 views

PT-2024-28269 · WordPress · Happy Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.5 Description: The issue is related to Stored Cross-Site Scripting via the Calendly widget due to insufficient input sanitization and output escaping on...

6.4CVSS5.9AI score0.0034EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2024/03/07 11:11 a.m.26 views

Human vs. Non-Human Identity in SaaS

In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity dormant, active, hyperactive, thei...

6.8AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/02/28 4:56 p.m.50 views

Calendar Meeting Links Used to Spread Mac Malware

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the targets calendar at Calendly, a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a vide...

7.3AI score
Exploits0
WPVulnDB
WPVulnDB
added 2023/10/17 12:0 a.m.13 views

Embed Calendly < 3.7 Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.6AI score0.00348EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/10/13 1:15 p.m.2 views

CVE-2023-4995

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5.4CVSS6AI score0.00348EPSS
Exploits0References2
Prion
Prion
added 2023/10/13 1:15 p.m.12 views

Cross site scripting

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

4.9CVSS5.2AI score0.00348EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/13 12:44 p.m.6 views

CVE-2023-4995

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.7AI score0.00348EPSS
Exploits0References2
CVE
CVE
added 2023/10/13 12:44 p.m.46 views

CVE-2023-4995

CVE-2023-4995 affects the Embed Calendly plugin for WordPress. The vulnerability is Stored XSS via the calendly shortcode, caused by insufficient sanitization/escaping of shortcode attributes in versions up to 3.6. Authenticated attackers with contributor-level or higher permissions can inject ar...

6.4CVSS5.2AI score0.00348EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/13 12:44 p.m.34 views

CVE-2023-4995 Embed Calendly <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.8AI score0.00348EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/10/13 12:0 a.m.8 views

WordPress Embed Calendly Plugin <= 3.6 is vulnerable to Cross Site Scripting (XSS)

Software Embed Calendly Type Plugin Vulnerable versions = 3.6 Fixed in 3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4995 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b37cc7f4dcca Credits Lana Codes Required privilege...

6.4CVSS5.7AI score0.00348EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/10/13 12:0 a.m.3 views

WordPress Plugin Embedded Calendly Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS5.7AI score0.00348EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/26 12:0 a.m.10 views

cal.com 访问控制错误漏洞

cal.com is an open source Calendly replacement. A security vulnerability exists in versions of cal.com prior to 2.7 that stems from improper access control...

8.8CVSS7.8AI score0.00842EPSS
Exploits1References5
Rows per page
Query Builder