8 matches found
CVE-2019-25316
GOautodial 4.0 contains a persistent cross-site scripting vulnerability exposed via the event title parameter. The flaw affects the CreateEvent.php endpoint, where authenticated attackers can send crafted POST requests with XSS payloads to execute arbitrary JavaScript in victims’ browsers. The CV...
GOautodial 跨站脚本漏洞
GOautodial is an open-source next-generation omnichannel contact center suite developed by GOautodial. Version 4.0 of GOautodial contains a cross-site scripting vulnerability. This vulnerability stems from stored-xss scripts, which may allow malicious scripts to be executed through event title...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, and CI/CD continuous integration and continuous delivery features. A security vulnerability exists in GitLab, which stems from the ability of a group of...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient escaping of calendar event titles, leading to a stored XSS risk in the event deletion prompt...
Moodle 跨站脚本漏洞
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle that stems from insufficient escaping of calendar event titles, no details of the...
PT-2024-27913 · Alt Linux · Alt Linux
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient escaping of calendar event titles, which resulted in a stored XSS risk. This risk is specifically present in the...
CVE-2023-43658
The CVE-2023-43658 entry describes a Cross-Site Scripting (XSS) flaw in the discourse-calendar plugin for the Discourse platform. The issue arises from improper escaping of event titles, which can trigger XSS in the email preview UI when CSP is disabled. This configuration is non-default, so most...
Discourse Cross-Site Scripting Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email, and chat rooms. A cross-site scripting vulnerability exists in dicourse-calendar, which stems from improper escaping of event titles and could lead to cross-site scripting XSS...