44 matches found
EUVD-2020-24089
Malware in sbrugna...
EUVD-2024-36680
Malicious code in bioql PyPI...
EUVD-2025-5715
Malicious code in bioql PyPI...
EUVD-2022-52032
Malicious code in bioql PyPI...
EUVD-2023-33906
Malicious code in bioql PyPI...
EUVD-2025-15207
Malicious code in bioql PyPI...
CVE-2022-4727
A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. This affects the function getNotes of the file api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java of the component Notes Handler. The manipulation...
CVE-2025-23526
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SwiftCloud Swift Calendar Online Appointment Scheduling online-appointment-scheduling-software allows Reflected XSS.This issue affects Swift Calendar Online Appointment Scheduling: from n/a through...
CVE-2025-23526
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SwiftCloud Swift Calendar Online Appointment Scheduling online-appointment-scheduling-software allows Reflected XSS.This issue affects Swift Calendar Online Appointment Scheduling: from n/a through...
CVE-2025-23526
CVE-2025-23526 affects the WordPress Swift Calendar Online Appointment Scheduling plugin up to version 1.3.3. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by improper neutralization of input during web page generation, enabling reflected XSS in affected environments. Mu...
CVE-2025-0862 SuperSaaS – online appointment scheduling <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via after Parameter
The SuperSaaS – online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘after’ parameter in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
WordPress SuperSaaS – online appointment scheduling plugin <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via after Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via after Parameter vulnerability discovered by yudha in WordPress Plugin SuperSaaS – online appointment scheduling versions = 2.1.12...
CVE-2024-10987
Affected software: Code-Projects E-Health Care System 1.0. Vulnerable component: /Doctor/user_appointment.php, where manipulation of parameters schedule_id, schedule_date, schedule_day, start_time, end_time, or booking leads to SQL injection. Attack vector: remote. Exploit status: publicly disclo...
CVE-2024-37460
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SuperSaaS SuperSaaS – online appointment scheduling allows Stored XSS.This issue affects SuperSaaS – online appointment scheduling: from n/a through 2.1.9...
CVE-2024-37460 WordPress SuperSaaS – online appointment scheduling plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SuperSaaS SuperSaaS – online appointment scheduling allows Stored XSS.This issue affects SuperSaaS – online appointment scheduling: from n/a through 2.1.9...
WordPress SuperSaaS – online appointment scheduling Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)
Software SuperSaaS – online appointment scheduling Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.1.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37460 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a09268a4b2f3 Credits LVT-tholv2k...
Booking Calendar < 1.3.83 - CSRF appointment scheduling
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying. input type="s...
CVE-2023-3559
A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Affected by this vulnerability is an unknown functionality of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting...
CVE-2023-3559
A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Affected by this vulnerability is an unknown functionality of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting...
Cross site scripting
A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Affected by this vulnerability is an unknown functionality of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting...