2072 matches found
CVE-2016-6190
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all...
DEBIAN-CVE-2014-9905
Multiple cross-site scripting XSS vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 title of an appointment or 2 contact fields...
CVE-2014-9905
Multiple cross-site scripting XSS vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 title of an appointment or 2 contact fields...
PT-2017-6404 · Inverse · Sogo
Name of the Vulnerable Software and Affected Versions: SOGo versions prior to 2.2.0 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the Web Calendar component of SOGo. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via...
CVE-2015-4593
eClinicalWorks Population Health CCMR suffers from a cross-site request forgery CSRF vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...
WordPress Appointment Schedule Booking System - Authenticated Stored XSS
The wp-appointment-schedule-booking-system WordPress plugin was affected by an Authenticated Stored XSS security vulnerability...
WordPress Appointment Schedule Booking System Plugin - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Appointment Schedule Booking System Plugin - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Appointment Calendar Plugin - Stored Cross Site Scripting (XSS)
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
Appointment Calendar - Stored Cross-Site Scripting (XSS)
When user submist data from appointments there is no validation which leads to stored XSS. PoC curl 'Path to page where appointments calendar short-code is used' -H 'Accept: text/html, /; q=0.01' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.5' -H 'Content-Type:...
Appointment Calendar - Stored Cross-Site Scripting (XSS)
When user submist data from appointments there is no validation which leads to stored XSS. curl 'Path to page where appointments calendar short-code is used' -H 'Accept: text/html, /; q=0.01' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.5' -H 'Content-Type:...
WordPress Appointment Calendar Plugin - Stored Cross Site Scripting (XSS)
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
"New appointment" function in Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. "New appointment" function in Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under...
drchrono: User with no permissions can access full wdcalendar feed
Hi All, I've found a vulnerability related to access the calendar when a user has no permissions. Vulnerability I've create a doctor's account with a user who has no permission. Browsing the site, I noticed a call to...
WordPress appointment-booking-calendar <=1.1.23 - Unauthenticated SQL injection
No description provided by source...
WordPress Appointment Booking Calendar 1.1.24 Escalation / XSS
Exploit Title: WordPress appointment-booking-calendar =1.1.24 - Privilege escalation Managing calendars & Persistent XSS Date: 2016-01-28 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez i0 security-lab Software Link:...
WordPress Appointment Booking Calendar 1.1.24 SQL Injection
Exploit Title: WordPress appointment-booking-calendar =1.1.24 - SQL injection through ´addslashes´ wordpress ´wpmagicquotes´ function Date: 2016-01-28 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez now i0 security-lab...
WordPress Booking Calendar Contact Form 1.1.24 Plugin - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: WordPress appointment-booking-calendar =1.1.24 - Privilege escalation Managing calendars & Persistent XSS Date: 2016-01-28 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin...
WordPress Appointment Booking Calendar 1.1.23 Shortcode SQL Injection
Exploit Title: WordPress appointment-booking-calendar =1.1.23 - Shortcode SQL injection Date: 2016-01-24 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez i0 security-lab Software Link:...
WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection
WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection Exploit Title: WordPress appointment-booking-calendar =1.1.23 - Shortcode SQL injection Date: 2016-01-24 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramire...