7 matches found
Cross site scripting
Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the eventdesc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the eventid parameter to 1 addevent.php or 2 del.php or 3 eventdesc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely fro...
CVE-2006-1908
Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the eventdesc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1908
Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the eventdesc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1907
Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the eventid parameter to 1 addevent.php or 2 del.php or 3 eventdesc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely fro...
CVE-2006-1908
CVE-2006-1908 affects the myEvent 1.x web application. The core issue is a cross-site scripting vulnerability in addevent.php’s event_desc parameter, enabling injection of arbitrary script/HTML. Connected sources also describe additional flaws in the same product: unsanitized input to myevent_pat...
CVE-2006-1907
The documents describe multiple remote vulnerabilities in myEvent 1.x (a PHP calendar app). The core issues allow SQL injection via the event_id parameter to addevent.php, del.php, or via event_desc to addevent.php, and a separate path traversal/remote include risk via myevent_path that could lea...