CVE-2022-37162

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting XSS. An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event...

FetLife: Able to see location coordinates in any event without permission to do so

The vulnerability allowed attackers to view the location coordinates of events in the response of the /events/event-id endpoint, even when the event host had hidden the exact address from non-RSVP users. This was possible because the coordinates were included in the response regardless of the...

SUSE CVE-2012-5567

Multiple cross-site scripting XSS vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the 1 month, 2 monthlist, or ...

Stored XSS

Description webcalendar has a feature to add event and display the location of it. This feature lead to stored xss everytime a user open the calendar or the event detail page. Proof of Concept 1. 1- login as user 2. 2- create an event 3. 3- insert the payload on "location" field 4. 4- Save 5. 5- ...

Know before you go: Talos Threat Research Summit

We are now just 48 hours away from the second annual Talos Threat Research Summit. After last year's success in Orlando, we are back and better than ever from San Diego on Sunday. If you plan on attending, here's what you need to know before Sunday morning. Can't make it out? You can still stream...

Splunk Discovery Day Moscow 2018

Today I attended the Splunk Discovery Day 2018 conference. It is something like a local equivalent of the famous Splunk .conf. More than 200 people have registered. The event was held in the luxury Baltschug Kempinski hotel in the very center of Moscow with a beautiful view of the Red Square and...

Invision Power Services IPS Community Suite Cross-Site Scripting Vulnerability

Invision Power Services IPS Community Suite is a PHP and MySQL based Web forum program from Invision Power Services, Inc. A cross-site scripting vulnerability in version 4.x prior to Invision Power Services IPS Community Suite 4.0.12.1 allows remote, authenticated users to submit a calendar //...

CVE-2012-5567

Multiple cross-site scripting XSS vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the 1 month, 2 monthlist, or ...

CVE-2012-5567

Multiple cross-site scripting XSS vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the 1 month, 2 monthlist, or ...

phpCommunityCalendar 4.0.3 - Cross-Site Scripting / SQL Injection

author : X0r1 release : 23.05.06 software : http://www.appideas.com/ googledork : "Calendar programming by AppIdeas.com" filetype:php XSS: http://SERVER/PATH/week.php?LoName=alert'XSS' http://SERVER/PATH/month.php?LoName=alert'XSS' http://SERVER/PATH/event.php?AddressLink="alert'XSS'" SQL...

phpCommunityCalendar 4.0.3 - Cross-Site Scripting SQL Injection

phpCommunityCalendar 4.0.3 - Cross-Site Scripting SQL Injection author : X0r1 release : 23.05.06 software : http://www.appideas.com/ googledork : "Calendar programming by AppIdeas.com" filetype:php XSS: http://SERVER/PATH/week.php?LoName=alert'XSS' http://SERVER/PATH/month.php?LoName=alert'XSS'...