CVE-2026-43882

CVE-2026-43882 affects WWBN AVideo up to v29.0 via an unauthenticated endpoint plugin/Scheduler/downloadICS.php that passes user-controlled title, date_start, description and joinURL into Scheduler::downloadICS(), building an ICS calendar. ICS::escape_string() only escapes comma and semicolon, no...

EUVD-2013-0318

Malware in sbrugna...

Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an...

CVE-2013-0298

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted iCalendar file to the calendar application, the 2 dir or 3 file parameter to apps/filespdfviewer/viewer.php, or the 4 mountpoint parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted iCalendar file to the calendar application, the 2 dir or 3 file parameter to apps/filespdfviewer/viewer.php, or the 4 mountpoint parameter...

Server: Multiple XSS vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions allow remote attackers to inject arbitrary web script or HTML via the "sitename" and "siteurl" POST parameters to setsites.php in /apps/external/ajax/ CVE-2013-0297 Commits: e0140a stable45,...