57 matches found
Security Bulletin: IBM App Connect Enterprise is vulnerable to an authenticated user accessing sensitive information (CVE-2024-31893, CVE-2024-31894 & CVE-2024-31895)
Summary IBM App Connect Enterprise Discovery Connector nodes for Calendly, Docusign and Square are vulnerable to an authenticated user accessing sensitive information. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-31893 DESCRIPTION:...
CVE-2024-3890
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-3890
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-3890 Happy Addons for Elementor <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly Widget
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Happy Addons for Elementor plugin <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Calendly Widget vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Happy Addons for Elementor versions = 3.10.6...
PT-2024-28269 · WordPress · Happy Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.5 Description: The issue is related to Stored Cross-Site Scripting via the Calendly widget due to insufficient input sanitization and output escaping on...
Human vs. Non-Human Identity in SaaS
In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity dormant, active, hyperactive, thei...
Calendar Meeting Links Used to Spread Mac Malware
Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the targets calendar at Calendly, a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a vide...
Embed Calendly < 3.7 Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
CVE-2023-4995
The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Cross site scripting
The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-4995
The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-4995
CVE-2023-4995 affects the Embed Calendly plugin for WordPress. The vulnerability is Stored XSS via the calendly shortcode, caused by insufficient sanitization/escaping of shortcode attributes in versions up to 3.6. Authenticated attackers with contributor-level or higher permissions can inject ar...
CVE-2023-4995 Embed Calendly <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WordPress Embed Calendly Plugin <= 3.6 is vulnerable to Cross Site Scripting (XSS)
Software Embed Calendly Type Plugin Vulnerable versions = 3.6 Fixed in 3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4995 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b37cc7f4dcca Credits Lana Codes Required privilege...
WordPress Plugin Embedded Calendly Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
cal.com 访问控制错误漏洞
cal.com is an open source Calendly replacement. A security vulnerability exists in versions of cal.com prior to 2.7 that stems from improper access control...