EUVD-2026-38805

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...

CVE-2026-50709

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...

CVE-2026-50709

CVE-2026-50709 : In Frappe Framework 17.0.0-dev, a stored XSS vulnerability exists in the Notifications → Events panel due to improper neutralization of user-controlled input. The issue affects the rendering of color in Events and is described with a CVSS v4.0 base score of 4.8 (MEDIUM). The conn...

CVE-2007-5187

The CVE-2007-5187 entry describes a SQL injection vulnerability in the Expanded Calendar 2.x module for PHP-Fusion, specifically in infusions/calendar_events_panel/show_single.php, where an attacker can pass input through the sel parameter to execute arbitrary SQL commands. This is tied to remote...

CVE-2007-5187

SQL injection vulnerability in infusions/calendareventspanel/showsingle.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter...

PHP-Fusion module Expanded Calendar 2.x SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================================= PHP-Fusion module Expanded Calendar 2.x SQL Injection Exploit ============================================================= ?php printr" / Expanded Calendar 2.x PHP-Fusion modul...