CVE-2026-2396 List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2026-32997

The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

BIT-MOODLE-2024-34006 moodle: unsanitized HTML in site log for config_log_created

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

CVE-2022-22944

VMware Workspace ONE Boxer contains a stored cross-site scripting XSS vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window...

Moodle < 4.1.10 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.10, or 4.2.x prior to 4.2.7 or 4.3.x prior to 4.3.3. It is, therefore, affected by multiple vulnerabilities. - Actions in the admin management of analytics models did not include the necessary tok...

Moodle Unsanitized HTML in site log for config_log_created

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

GHSA-VVH5-7V3M-J3MJ Moodle Unsanitized HTML in site log for config_log_created

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

CVE-2024-34006

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

CVE-2024-34006

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

CVE-2024-34006 moodle: unsanitized HTML in site log for config_log_created

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...

CVE-2006-6522

Multiple cross-site scripting XSS vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the 1 forum module and 2 event descriptions. NOTE: some of these details are obtained from third party information...