44 matches found
CVE-2024-48534
A reflected cross-site scripting XSS vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2024-48533
A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts...
CVE-2024-48535
A stored cross-site scripting XSS vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...
CVE-2024-48536
Incorrect access control in eSoft Planner 3.24.08271-USA allow attackers to view all transactions performed by the company via supplying a crafted web request...
CVE-2024-48530
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2024-48531
A reflected cross-site scripting XSS vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2024-48531
A reflected cross-site scripting XSS vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2024-48531
A reflected cross-site scripting XSS vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2024-48536
Incorrect access control in eSoft Planner 3.24.08271-USA allow attackers to view all transactions performed by the company via supplying a crafted web request...
CVE-2024-48534
A reflected cross-site scripting XSS vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2024-48535
A stored cross-site scripting XSS vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...
CVE-2024-48530
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2024-48533
A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts...
CVE-2024-48530
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2024-48533
A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts...
CVE-2024-48536
Incorrect access control in eSoft Planner 3.24.08271-USA allow attackers to view all transactions performed by the company via supplying a crafted web request...
CVE-2024-48535
A stored cross-site scripting XSS vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...
CVE-2024-48534
A reflected cross-site scripting XSS vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
eSoft Planner 安全漏洞
eSoft Planner is a scheduling software for managing sports facilities from eSoft Planner, Inc. A security vulnerability exists in eSoft Planner version 3.24.08271-USA, which stems from susceptibility to a cross-site scripting attack that could allow an attacker to execute arbitrary web script or...
CVE-2024-48535
CVE-2024-48535 describes a stored XSS vulnerability in eSoft Planner 3.24.08271-USA where an attacker can inject arbitrary web scripts/HTML via the Name parameter. Multiple sources (NVD, Red Hat, CNNVD, CVE listing, and related enrichments) confirm the same issue, classed as a stored XSS. The ava...