Lucene search
K

8 matches found

CVE
CVE
added 2026/02/11 2:56 p.m.10 views

CVE-2019-25316

GOautodial 4.0 contains a persistent cross-site scripting vulnerability exposed via the event title parameter. The flaw affects the CreateEvent.php endpoint, where authenticated attackers can send crafted POST requests with XSS payloads to execute arbitrary JavaScript in victims’ browsers. The CV...

6.4CVSS5.5AI score0.00184EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.6 views

GOautodial 跨站脚本漏洞

GOautodial is an open-source next-generation omnichannel contact center suite developed by GOautodial. Version 4.0 of GOautodial contains a cross-site scripting vulnerability. This vulnerability stems from stored-xss scripts, which may allow malicious scripts to be executed through event title...

6.4CVSS5.7AI score0.00184EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.4 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, and CI/CD continuous integration and continuous delivery features. A security vulnerability exists in GitLab, which stems from the ability of a group of...

3.1CVSS6.3AI score0.00436EPSS
Exploits1References2
Veracode
Veracode
added 2024/06/19 10:22 a.m.20 views

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient escaping of calendar event titles, leading to a stored XSS risk in the event deletion prompt...

6.1CVSS5.4AI score0.00374EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2024/06/18 12:0 a.m.5 views

Moodle 跨站脚本漏洞

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle that stems from insufficient escaping of calendar event titles, no details of the...

6.1CVSS5.9AI score0.00374EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/18 12:0 a.m.9 views

PT-2024-27913 · Alt Linux · Alt Linux

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient escaping of calendar event titles, which resulted in a stored XSS risk. This risk is specifically present in the...

8.8CVSS5.2AI score0.83343EPSS
Exploits8References73
CVE
CVE
added 2023/10/16 9:28 p.m.60 views

CVE-2023-43658

The CVE-2023-43658 entry describes a Cross-Site Scripting (XSS) flaw in the discourse-calendar plugin for the Discourse platform. The issue arises from improper escaping of event titles, which can trigger XSS in the email preview UI when CSP is disabled. This configuration is non-default, so most...

8CVSS6.5AI score0.00501EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.3 views

Discourse Cross-Site Scripting Vulnerability

Discourse is an open source community discussion platform. The platform includes features such as community, email, and chat rooms. A cross-site scripting vulnerability exists in dicourse-calendar, which stems from improper escaping of event titles and could lead to cross-site scripting XSS...

8CVSS6.1AI score0.00501EPSS
Exploits0References4
Rows per page
Query Builder