22 matches found
CVE-2026-39329
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerable flow reach...
CVE-2025-67751
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the `EN_tyid` POST parameter is not sanitized. This allows an authenticated user with event managemen...
CVE-2025-67751 ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the `EN_tyid` POST parameter is not sanitized. This allows an authenticated user with event managemen...
CVE-2025-11783
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in...
PT-2025-48673
Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the AddEvent function when handling user-supplied usernames. The issue occurs because the function copies the username input to a fixed-size buffe...
EUVD-2021-23153
Malware in sbrugna...
Prototype Pollution
Overview mpregular is a Affected versions of this package are vulnerable to Prototype Pollution via the mp.addEventHandler function. An attacker can cause application instability or crash by injecting malicious properties into Object.prototype through a specially crafted payload. Details Prototyp...
CVE-2021-36551
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module...
SUSE CVE-2010-0171
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeo...
CVE-2021-36551
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module...
CVE-2021-36551
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module...
Cross site scripting
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module...
CVE-2021-36551
CVE-2021-36551 affects TikiWiki v21.4, specifically the tiki-calendar.php component in the Add Event module. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to execute arbitrary web scripts or HTML via a crafted payload. Exploitation details or in-the-wild status ar...
Hundred Plus 101EIP Cross-Site Scripting Vulnerability
The Hundred Plus 101EIP system is a cloud-based office platform from Taiwan-based Hundred Plus Corporation (Hundred Plus) that has been optimized by gathering the experience of many enterprises. 101EIP suffers from a cross-site scripting vulnerability that stems from the calendar add event feature...
CiuisCRM 1.6 - eventType SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: CiuisCRM 1.6 - 'eventType' SQL Inj. Exploit Author: Mehmet EMİROĞLU Vendor Homepage: https://codecanyon.net/item/ciuis-crm/20473489...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to...
Simple PHP Agenda 2.2.8 - Cross-Site Request Forgery (Add Admin Add Event)
Simple PHP Agenda 2.2.8 - Cross-Site Request Forgery Add Admin Add Event. Exploit Title : Simple PHP Agenda = 2.2.8 CSRF Add Admin - Add Event Date : 29-03-2012 Author...
Simple PHP Agenda 2.2.8 Cross Site Request Forgery
Exploit Title : Simple Php Agenda = 2.2.8 CSRF Add Admin/Add New Event Date : 29-03-2012 Author : Ivano Binetti http://ivanobinetti.com Software link :...
firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)
No description is available for this CVE...
firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeo...