23 matches found
EUVD-2022-30272
Malicious code in bioql PyPI...
EUVD-2022-30271
Malicious code in bioql PyPI...
WordPress Simple Event Planner plugin cross-site scripting vulnerability (CNVD-2022-67561)
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Simple Event Planner plugin 1.5.4 and previou...
WordPress Simple Event Planner plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Simple Event Planner plugin 1.5.4 and previous versions have a cross-site scripting vulnerability, which can be exploited by...
CVE-2022-25611
Authenticated Stored Cross-Site Scripting XSS in Simple Event Planner plugin = 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &customaddseg...
CVE-2022-25612
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in Simple Event Planner WordPress plugin = 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...
CVE-2022-25611
Authenticated Stored Cross-Site Scripting XSS in Simple Event Planner plugin = 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &customaddseg...
CVE-2022-25612
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in Simple Event Planner WordPress plugin = 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...
Cross site scripting
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in Simple Event Planner WordPress plugin = 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...
Cross site scripting
Authenticated Stored Cross-Site Scripting XSS in Simple Event Planner plugin = 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &customaddseg...
CVE-2022-25612 WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in Simple Event Planner WordPress plugin = 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...
CVE-2022-25612 WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in Simple Event Planner WordPress plugin = 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...
CVE-2022-25611 WordPress Simple Event Planner plugin <= 1.5.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS in Simple Event Planner plugin = 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &customaddseg...
CVE-2022-25611
The CVE-2022-25611 entry concerns WordPress WordPress Simple Event Planner plugin versions
CVE-2022-25611 WordPress Simple Event Planner plugin <= 1.5.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS in Simple Event Planner plugin = 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &customaddseg...
WordPress plugin Simple Event Planner 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Simple Event Planner plugin 1.5.4 and previou...
WordPress plugin Simple Event Planner 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Simple Event Planner plugin 1.5.4 and previous versions have a cross-site scripting vulnerability, which can be exploited by...
CVE-2022-25611
Authenticated Stored Cross-Site Scripting XSS in Simple Event Planner plugin = 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter addseg...
CVE-2022-25612
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in Simple Event Planner WordPress plugin = 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: eventorganiser, organiseremail, organisercontact...
Simple Event Planner < 1.5.5 - Author+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its Event Options, such as eventorganiser, organiseremail and organisercontact which could allow users with a role as low as author to perform Cross-Site Scripting attacks...