5 matches found
CVE-2024-48465
The MRBS version 1.5.0 has an SQL injection vulnerability in the edit_entry_handler.php file, specifically in the rooms%5B%5D parameter...
PT-2024-33123 · Mrbs · Mrbs
Name of the Vulnerable Software and Affected Versions: MRBS version 1.5.0
Description: The issue is related to an SQL injection vulnerability found in the edit_entry_handler.php file, specifically affecting the rooms%5B%5D parameter.
Recommendations: For MRBS version 1.5.0, avoid using the...
Pomelo allows external control of critical state data
Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...
CVE-2019-18954
Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $extusers variables in view_entry.php, different vector...