17 matches found
CVE-2026-39400
Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with createevents and runevents privileges can inject arbitrary JavaScript through job output fields html.content, html.title, table.header, table.rows, table.caption. The serve...
CVE-2026-39400
Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with createevents and runevents privileges can inject arbitrary JavaScript through job output fields html.content, html.title, table.header, table.rows, table.caption. The serve...
CVE-2026-39400 Stored XSS via Job HTML/Table Output in Cronicle
Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with createevents and runevents privileges can inject arbitrary JavaScript through job output fields html.content, html.title, table.header, table.rows, table.caption. The serve...
CVE-2026-39400 Stored XSS via Job HTML/Table Output in Cronicle
Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with createevents and runevents privileges can inject arbitrary JavaScript through job output fields html.content, html.title, table.header, table.rows, table.caption. The serve...
CVE-2026-24855
ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting (XSS) vulnerability in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...
EUVD-2026-5024
ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting (XSS) vulnerability in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...
CVE-2026-24855 ChurchCRM has Stored Cross-Site Scripting (XSS) in Create Events in Church Calendar, Leading to Account Takeover
ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting (XSS) vulnerability in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...
CVE-2026-24855 ChurchCRM has Stored Cross-Site Scripting (XSS) in Create Events in Church Calendar, Leading to Account Takeover
ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting (XSS) vulnerability in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...
CVE-2026-24855
ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting (XSS) vulnerability in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...
CVE-2026-24855
ChurchCRM has a Stored Cross-Site Scripting (XSS) vulnerability in the Church Calendar Create Events feature, affecting versions prior to 6.7.2. Low-privilege users can insert XSS payloads into the Description field, which is stored in the database; when other users, including admins, view the ev...
EUVD-2018-20535
Malware in sbrugna...
CVE-2024-4687
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/createevents.php. The manipulation of the argument myindex leads to cross site scripting. It is possible to launch the attack...
Campcodes Complete Web-Based School Management System Cross-Site Scripting Vulnerability
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A cross-site scripting vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System, which originates from a cross-site scripting vulnerability in...
PT-2024-32263 · Unknown · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0. Description: A problematic issue has been discovered, affecting an unknown function of the file /view/createevents.php. The manipulation of the myindex argument leads to...
PT-2024-2834 · Moodle · Moodle Lms
Name of the Vulnerable Software and Affected Versions: Moodle LMS, affected versions not specified. Description: The issue is related to inadequate access control in the Moodle Learning Management System. This could allow a user with a student role to create arbitrary events intended for users with...
WordPress Bulk Edit Events – Create Events in a Bulk Editor plugin < 1.1.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Bulk Edit Events – Create Events in a Bulk Editor plugin versions 1.1.9. Solution: Update the WordPress Bulk Edit Events – Create Events in a Bulk Editor plugin to the latest available version at least...
CVE-2021-25025
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events...