36 matches found
CVE-2026-39941
ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...
CVE-2026-39941 ChurchCRM has an XSS vulnerability
ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...
CVE-2021-47895
Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application...
CVE-2021-47895 Nsauditor 3.2.2.0 - 'Event Description' Denial of Service
Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application...
CVE-2021-47895
Nsauditor 3.2.2.0 is affected by a denial-of-service vulnerability where overwriting the Event Description field with a large buffer can crash the application. Proof-of-concept uses a 10,000-character 'U' buffer pasted into the Event Description field. Impact is a local crash; no details on a ven...
Nsasoft Nsauditor security vulnerabilities
Nsasoft Nsauditor is a network security software developed by the American company Nsasoft. Version Nsasoft Nsauditor 3.2.2.0 contains a security vulnerability. This vulnerability stems from insufficient boundary checks on the event description field, which may lead to denial of service attacks...
PT-2026-4511
Name of the Vulnerable Software and Affected Versions: Nsauditor version 3.2.2.0. Description: The software contains a denial of service issue that allows attackers to crash the application. This is achieved by overwriting the Event Description field with a large buffer. Specifically, a...
CVE-2025-14548
The Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eventdesc' parameter in all versions up to, and including, 1.3.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...
EUVD-2025-204784
The Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eventdesc' parameter in all versions up to, and including, 1.3.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...
WordPress plugin Calendar cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-52734
Name of the Vulnerable Software and Affected Versions: WordPress Calendar plugin versions prior to 1.3.17. Description: The Calendar plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the event desc parameter...
WordPress Calendar plugin <= 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'event_desc' vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'event_desc' vulnerability discovered by Hieus in WordPress Plugin Calendar versions <= 1.3.16...
EUVD-2005-2884
Malware in sbrugna...
EUVD-2006-1908
Malware in sbrugna...
EUVD-2022-4021
Malicious code in bioql PyPI...
U.S. Dept Of Defense: Cross-Site Scripting via 'EVENT_DESCRIPTION' parameter
A Cross-Site Scripting (XSS) vulnerability was discovered in the POST method on the website, specifically through the EVENT_DESCRIPTION parameter. Exploitation of this vulnerability could have led to severe consequences, including session hijacking. The vulnerability was caused by insufficient...
CVE-2021-30111
A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...