CVE-2026-39329
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerable flow reach...
CVE-2026-39329 ChurchCRM has a Blind SQL injection in EventNames.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerable flow reach...
CVE-2023-30591
Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash when invoking eventName.startsWith or eventName.toString while processing Socket.IO messages, via crafted Socket.IO messages containing array or object type for the event name respectively...
PT-2024-31556 · Discourse · Discourse Calendar Plugin
Name of the Vulnerable Software and Affected Versions: Discourse Calendar plugin versions prior to 0.5 Description: The Discourse Calendar plugin is susceptible to XSS attacks when rendering event names. This issue only affects sites that have modified or disabled Discourse's default Content...
Discourse Calendar cross-site scripting vulnerability
Discourse Calendar is an open source calendar plugin for Discourse. A cross-site scripting vulnerability exists in versions of Discourse Calendar prior to 0.5, which stems from a problem with the dynamic calendar functionality that may be vulnerable to XSS attacks when rendering event names. This...
PT-2023-22800 · Nodebb · Nodebb
Name of the Vulnerable Software and Affected Versions: NodeBB versions <= 2.8.10 Description: The issue allows unauthenticated attackers to trigger a crash in NodeBB when invoking eventName.startsWith or eventName.toString, while processing Socket.IO messages via crafted Socket.IO messages...
SUSE CVE-2012-5339
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger...
MAL-2022-2282 Malicious code in custom-event-names (npm)
Source: ghsa-malware b06a70ccf4ecbf312e8ea14b6890b653b560e9afeac1a31af3f9ddf64f4e9cb1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in custom-event-names (npm)
Source: ghsa-malware b06a70ccf4ecbf312e8ea14b6890b653b560e9afeac1a31af3f9ddf64f4e9cb1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Discourse cross-site scripting vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A cross-site scripting vulnerability exists in versions prior to Discourse Calendar 1.0.1, which can be exploited by an attacker to affect the parsing and rendering of event...