5 matches found
Event List < 0.8.8 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admins even when the unfiltered_html capability is disallowed. Put the following payload in the "iCal link text" Feed Settings of the plugin...
Edit feed settings and others, Cross Site Scripting (XSS) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Cross Site Scripting (XSS). Impact: XSS via arbitrary script execution. Attack vector: Administrator must be logged in. Components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Tested baserCMS Version :...
GHSA-WPWW-4JF4-4HX8 Edit feed settings and others, Cross Site Scripting (XSS) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Cross Site Scripting (XSS). Impact: XSS via arbitrary script execution. Attack vector: Administrator must be logged in. Components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Tested baserCMS Version :...
CVE-2016-4908
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors...
Cybozu Garoon fails to restrict access permission in the RSS settings
Overview: Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the RSS settings. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information...