18 matches found
EUVD-2006-2258
Malware in sbrugna...
EUVD-2024-32207
Malicious code in bioql PyPI...
WordPress EasyEvent plugin <= 1.0.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Satyam Singh, Vibhor Sharma in WordPress Plugin EasyEvent versions <= 1.0.0...
CVE-2024-3628
The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-3628
The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-3628
The connected Patchstack entry for EasyEvent indicates a Stored XSS vulnerability in EasyEvent WordPress plugin versions
CVE-2024-3628 EasyEvent <= 1.0.0 - Admin+ Stored XSS
The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-3628 EasyEvent <= 1.0.0 - Admin+ Stored XSS
The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
WordPress EasyEvent Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: EasyEvent; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3628; Patch priority: Low; CVSS severity: Low (5.9); PSID: 16ee0a4a2a78; Credits: Satyam Singh, Vibhor Sharma...
WordPress plugin EasyEvent security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-26948 · WordPress · Easyevent
Name of the Vulnerable Software and Affected Versions: EasyEvent WordPress plugin versions 1.0.0 and earlier. Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks, even when unfiltered_html is disallowed, due to the plugin not sanitizing and...
EasyEvent <= 1.0.0 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 1. Go to https://example.com/wp-admin/options-general.php?page=easyevent 2. In the ID fiel...
EasyEvent <= 1.0.0 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. PoC: 1. Go to https://example.com/wp-admin/options-general.php?page=easyevent 2. In the ID...
Typo3 CMS T3 EasyEvent tx_easyevent_pi1 0.37.3 SQL Injection
Exploit Title: Typo3 CMS T3 EasyEvent tx_easyevent_pi1 0.37.3 SQL Injection; Author (Discovered By): KingSkrupellos; Team: Cyberizm Digital Security Army; Date: 18/02/2019; Vendor Homepage: typo3.org; Software Download Link: github.com/dwenzel/t3events/archive/master.zip...
CVE-2006-2257
Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter...
CVE-2006-2257
CVE-2006-2257 is an XSS vulnerability affecting easyEvent 1.2, disclosed for index.php via the curr_year parameter. The underlying issue is improper handling of user-supplied input leading to script/HTML injection. Affected component: index.php in easyEvent 1.2. Impact per sources is partial conf...
CVE-2006-2257
Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter...