15 matches found
CVE-2026-1252
The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2026-1252
The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2026-1252 Events Listing Widget <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field
The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
EUVD-2026-5652
The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2026-1252
The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2026-1252 Events Listing Widget <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field
The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2026-1252
The CVE-2026-1252 entry concerns the WordPress Events Listing Widget plugin (versions up to 1.3.4). A Stored Cross-Site Scripting flaw exists in the Event URL parameter caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at Author level or hig...
WordPress Events Listing Widget plugin <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Event URL Field vulnerability discovered by WordFence in WordPress Plugin Events Listing Widget versions = 1.3.4...
WordPress plugin Events Listing Widget 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2006-6066
Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter to a adminlogin.asp, the 3 ID parameter to b eventsearchdetail.asp, or the 4 VenueID parameter to c venuedetail.asp...
CVE-2006-6066
Vulnerability summary (CVE-2006-6066) : Dragon Calendar / Events Listing 2.x contains multiple SQL injection flaws allowing remote attackers to execute arbitrary SQL commands via parameters in API endpoints: username or password to admin_login.asp, ID to event_searchdetail.asp, and VenueID to ven...
CVE-2006-6066
Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter to a adminlogin.asp, the 3 ID parameter to b eventsearchdetail.asp, or the 4 VenueID parameter to c venuedetail.asp...
Dragon calendar [ login bypass & injection sql ]
vendor site:http://www.dragoninternet.net/ product:Dragon Events Listing bug:login bypass & injection sql risk:high login bypass : username: 'or''=' passwd: 'or''=' injection sql get http://site.com/eventsearchdetail.asp?ID='sql http://site.com/venuedetail.asp?VenueID='sql laurent gaffie & benjam...
dragonevents.txt
vendor site:http://www.dragoninternet.net/ product:Dragon Events Listing bug:login bypass & injection sql risk:high login bypass : username: 'or''=' passwd: 'or''=' injection sql get http://site.com/eventsearchdetail.asp?ID='sql http://site.com/venuedetail.asp?VenueID='sql laurent gaffié & benjam...
Dragon Internet Events Listing 2.0.01 - event_searchdetail.asp?ID SQL Injection
Dragon Internet Events Listing 2.0.01 - eventsearchdetail.asp?ID SQL Injection source: https://www.securityfocus.com/bid/21098/info Dragon Event Listing is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an...