CVE-2024-12077

The Booking Calendar and Booking Calendar Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘calendarid’ parameter in all versions up to, and including, 3.2.19 and 11.2.19 respectively, due to insufficient input sanitization and output escaping. This makes it...

Semrush: IDOR in marketing calendar tool

INTRODUCTION I used two accounts to search for this vulnerability: Id: █████ Email: ██████ Id: ███ Email: ███ IP used: 78.194.169.36 Endpoint URL: https://ec.semrush.com/api/v1/ga/userstatus/?calendarid=CALENDARID EXPLOITATION Description of Security Issue: When a marketing calendar is loaded in...

ownCloud 'calendar_id' Parameter privilege Escalation Vulnerability

ownCloud is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; if...

CVE-2013-2043

apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendarid parameter...