CVE-2024-1094 Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makestaff function in all versions up to, and including, 1.0.21. This makes it...
Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin < 1.0.22 - Missing Authorization to Limited Privilege Escalation
Description: The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makestaff function in all versions up to, and including, 1.0.21. This...
Open-Xchange: XSS - Calendar - Unescaped common name of appointment participant
There is this function to get participant's name (JavaScript):
    // frontend/ui/apps/io.ox/participants/chronos-views.js
    getDisplayName: function (model, options) {
        options = options || {};
        var dn = model.get('contact') ? contactsUtil.getFullName(model.get('contact'), options.asHtml) : model.get('cn');
        // 'email...
Update Protection against Microsoft Exchange Vulnerability (MS06-019)
A vulnerability exists in Microsoft Exchange Server that could allow an attacker to take complete control of the affected system. To exploit the vulnerability, an attacker would have to construct a specially crafted message that could potentially allow remote code execution when an Exchange Serve...