20 matches found
CVE-2019-25316
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary...
CVE-2019-25316 GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary...
CVE-2019-25316
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary...
PT-2026-7610
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary...
EUVD-2006-0088
Malware in sbrugna...
EUVD-2018-10583
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-38274
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. CVE-2024-38274 Note that Nessus relies on the presenc...
CVE-2025-52132
The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page...
CVE-2025-52132
CVE-2025-52132 affects the Mocca Calendar application for XWiki (pre-2.15). The vulnerability is an XSS flaw triggered by the title on the View Event page. Affected versions are Mocca Calendar prior to 2.15. The root cause is an improper sanitization/encoding of the title parameter on the event v...
Exploit for Cross-site Scripting in Silverpeas
CVE-2024-39031 : Silverpeas Core Stored XSS in Mes agendas...
CVE-2024-25151
The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote...
CVE-2018-18872
The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the eventtitle parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI...
Design/Logic Flaw
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/eventadd.php eventtitle parameter...
CVE-2017-17988
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/eventadd.php eventtitle parameter...
CVE-2012-5606
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/filesversions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js...
CVE-2012-5606
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/filesversions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the filename to versions.js in apps/filesversions/js/, the filename to filelist.js in apps/files/js/, the event title to fullcalendar.js in...
CVE-2006-6030
Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp...
CVE-2005-4189
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields...
CVE-2005-4189
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields...