Lucene search
K

2072 matches found

NVD
NVD
added 2017/02/17 5:59 p.m.17 views

CVE-2016-6190

SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all...

4.3CVSS4.2AI score0.01228EPSS
Exploits0References4
OSV
OSV
added 2017/02/17 5:59 p.m.3 views

DEBIAN-CVE-2014-9905

Multiple cross-site scripting XSS vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 title of an appointment or 2 contact fields...

6.1CVSS5.9AI score0.01223EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2017/02/17 5:0 p.m.23 views

CVE-2014-9905

Multiple cross-site scripting XSS vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 title of an appointment or 2 contact fields...

6.1CVSS6.2AI score0.01223EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2017/02/17 12:0 a.m.4 views

PT-2017-6404 · Inverse · Sogo

Name of the Vulnerable Software and Affected Versions: SOGo versions prior to 2.2.0 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the Web Calendar component of SOGo. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via...

6.1CVSS6.1AI score0.01223EPSS
Exploits0References9
NVD
NVD
added 2017/01/10 3:59 p.m.22 views

CVE-2015-4593

eClinicalWorks Population Health CCMR suffers from a cross-site request forgery CSRF vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...

8.8CVSS8.8AI score0.03355EPSS
Exploits5References3
WPVulnDB
WPVulnDB
added 2016/10/03 12:0 a.m.9 views

WordPress Appointment Schedule Booking System - Authenticated Stored XSS

The wp-appointment-schedule-booking-system WordPress plugin was affected by an Authenticated Stored XSS security vulnerability...

2.4AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2016/10/03 12:0 a.m.8 views

WordPress Appointment Schedule Booking System Plugin - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

2AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2016/10/03 12:0 a.m.7 views

WordPress Appointment Schedule Booking System Plugin - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

2AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2016/09/30 12:0 a.m.4 views

WordPress Appointment Calendar Plugin - Stored Cross Site Scripting (XSS)

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

1.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/09/30 12:0 a.m.14 views

Appointment Calendar - Stored Cross-Site Scripting (XSS)

When user submist data from appointments there is no validation which leads to stored XSS. PoC curl 'Path to page where appointments calendar short-code is used' -H 'Accept: text/html, /; q=0.01' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.5' -H 'Content-Type:...

0.8AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2016/09/30 12:0 a.m.12 views

Appointment Calendar - Stored Cross-Site Scripting (XSS)

When user submist data from appointments there is no validation which leads to stored XSS. curl 'Path to page where appointments calendar short-code is used' -H 'Accept: text/html, /; q=0.01' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.5' -H 'Content-Type:...

0.2AI score
Exploits0References1
Patchstack
Patchstack
added 2016/09/30 12:0 a.m.8 views

WordPress Appointment Calendar Plugin - Stored Cross Site Scripting (XSS)

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

1.9AI score
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/08/22 6:16 a.m.6 views

"New appointment" function in Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. "New appointment" function in Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under...

6.1CVSS6AI score0.01077EPSS
Exploits0References5
Hacker One
Hacker One
added 2016/05/27 8:13 p.m.19 views

drchrono: User with no permissions can access full wdcalendar feed

Hi All, I've found a vulnerability related to access the calendar when a user has no permissions. Vulnerability I've create a doctor's account with a user who has no permission. Browsing the site, I noticed a call to...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2016/02/29 12:0 a.m.25 views

WordPress appointment-booking-calendar <=1.1.23 - Unauthenticated SQL injection

No description provided by source...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/01/28 12:0 a.m.37 views

WordPress Appointment Booking Calendar 1.1.24 Escalation / XSS

Exploit Title: WordPress appointment-booking-calendar =1.1.24 - Privilege escalation Managing calendars & Persistent XSS Date: 2016-01-28 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez i0 security-lab Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2016/01/28 12:0 a.m.37 views

WordPress Appointment Booking Calendar 1.1.24 SQL Injection

Exploit Title: WordPress appointment-booking-calendar =1.1.24 - SQL injection through ´addslashes´ wordpress ´wpmagicquotes´ function Date: 2016-01-28 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez now i0 security-lab...

0.1AI score
Exploits0
0day.today
0day.today
added 2016/01/27 12:0 a.m.42 views

WordPress Booking Calendar Contact Form 1.1.24 Plugin - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: WordPress appointment-booking-calendar =1.1.24 - Privilege escalation Managing calendars & Persistent XSS Date: 2016-01-28 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/01/26 12:0 a.m.31 views

WordPress Appointment Booking Calendar 1.1.23 Shortcode SQL Injection

Exploit Title: WordPress appointment-booking-calendar =1.1.23 - Shortcode SQL injection Date: 2016-01-24 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez i0 security-lab Software Link:...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2016/01/26 12:0 a.m.32 views

WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection

WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection Exploit Title: WordPress appointment-booking-calendar =1.1.23 - Shortcode SQL injection Date: 2016-01-24 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramire...

0.5AI score
Exploits0
Rows per page
Query Builder