EUVD-2006-2258

Malware in sbrugna...

EUVD-2024-32207

Malicious code in bioql PyPI...

WordPress EasyEvent plugin <= 1.0.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Satyam Singh, Vibhor Sharma in WordPress Plugin EasyEvent versions = 1.0.0...

CVE-2024-3628

The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2024-3628

The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2024-3628

The connected Patchstack entry for EasyEvent indicates a Stored XSS vulnerability in EasyEvent WordPress plugin versions

CVE-2024-3628 EasyEvent <= 1.0.0 - Admin+ Stored XSS

The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2024-3628 EasyEvent <= 1.0.0 - Admin+ Stored XSS

The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

WordPress plugin EasyEvent 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress EasyEvent Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software EasyEvent Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3628 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 16ee0a4a2a78 Credits Satyam Singh Vibhor Sharma...

PT-2024-26948 · WordPress · Easyevent

Name of the Vulnerable Software and Affected Versions: EasyEvent WordPress plugin versions 1.0.0 and earlier Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks, even when unfiltered html is disallowed, due to the plugin not sanitizing and...

EasyEvent <= 1.0.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Got to https://example.com/wp-admin/options-general.php?page=easyevent 2. In the ID fiel...

EasyEvent <= 1.0.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC 1. Got to https://example.com/wp-admin/options-general.php?page=easyevent 2. In the ID...

Typo3 CMS T3 EasyEvent tx_easyevent_pi1 0.37.3 SQL Injection

Exploit Title : Typo3 CMS T3 EasyEvent txeasyeventpi1 0.37.3 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 18/02/2019 Vendor Homepage : typo3.org Software Download Link : github.com/dwenzel/t3events/archive/master.zip...

CVE-2006-2257

Cross-site scripting XSS vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curryear parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curryear parameter...

CVE-2006-2257

CVE-2006-2257 is an XSS vulnerability affecting easyEvent 1.2, disclosed for index.php via the curr_year parameter. The underlying issue is improper handling of user-supplied input leading to script/HTML injection. Affected component: index.php in easyEvent 1.2. Impact per sources is partial conf...

CVE-2006-2257

Cross-site scripting XSS vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curryear parameter...