13 matches found
CVE-2026-39935
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS). This issue was remediated only on the master branch...
CVE-2026-39935
The CVE-2026-39935 entry describes a Cross-Site Scripting (XSS) vulnerability in The Wikimedia Foundation MediaWiki CampaignEvents Extension. Affected versions are 1.43.7, 1.44.4, and 1.45.2, where improper input neutralization during web page generation allows XSS. The issue is tied to the Campa...
EUVD-2018-13835
Malware in sbrugna...
CVE-2018-25076
A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to...
WordPress Past Events Extension Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Past Events Extension; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 2e6ecc56e2b5; Credits: Rafie Muhammad Patchstack...
CVE-2018-25076
A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to...
CVE-2018-25076
A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to...
SQL injection
A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to...
CVE-2018-25076 Events Extension events.php searchResults sql injection
A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to...
CVE-2018-25076
Summary (CVE-2018-25076): A SQL injection exists in the BigTree CMS “Events Extension” via functions in classes/events.php: getRandomFeaturedEventByDate, getUpcomingFeaturedEventsInCategoriesWithSubcategories, recacheEvent, and searchResults. Root cause: unparameterized inputs in these paths enabl...
PT-2023-10817 · Bigtree · Events Extension
Name of the Vulnerable Software and Affected Versions: Events Extension on BigTree (affected versions not specified). Description: A critical issue was found in the Events Extension, affecting the getRandomFeaturedEventByDate, getUpcomingFeaturedEventsInCategoriesWithSubcategories, recacheEvent, and...
WordPress Past Events Extension plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Past Events Extension plugin versions <= 1.0.1. Solution: No patched version available...
TYPO3 Events Extension SQL Injection Vulnerability
TYPO3 is a free and open source content management system. A SQL injection vulnerability exists in TYPO3 due to failure to adequately clean user input. An attacker can exploit the vulnerability to access and modify data...