Lucene search
K

7 matches found

Prion
Prion
added 2006/04/20 6:6 p.m.17 views

Cross site scripting

Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the eventdesc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

2.6CVSS6.2AI score0.01194EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2006/04/20 6:6 p.m.17 views

Sql injection

Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the eventid parameter to 1 addevent.php or 2 del.php or 3 eventdesc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely fro...

7.5CVSS8.2AI score0.01214EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2006/04/20 6:6 p.m.15 views

CVE-2006-1908

Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the eventdesc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

2.6CVSS5.9AI score0.01194EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/04/20 6:0 p.m.26 views

CVE-2006-1908

Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the eventdesc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

5.9AI score0.01194EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/04/20 6:0 p.m.21 views

CVE-2006-1907

Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the eventid parameter to 1 addevent.php or 2 del.php or 3 eventdesc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely fro...

7.7AI score0.01214EPSS
Exploits0References5
CVE
CVE
added 2006/04/20 6:0 p.m.79 views

CVE-2006-1908

CVE-2006-1908 affects the myEvent 1.x web application. The core issue is a cross-site scripting vulnerability in addevent.php’s event_desc parameter, enabling injection of arbitrary script/HTML. Connected sources also describe additional flaws in the same product: unsanitized input to myevent_pat...

2.6CVSS5.9AI score0.01194EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2006/04/20 6:0 p.m.85 views

CVE-2006-1907

The documents describe multiple remote vulnerabilities in myEvent 1.x (a PHP calendar app). The core issues allow SQL injection via the event_id parameter to addevent.php, del.php, or via event_desc to addevent.php, and a separate path traversal/remote include risk via myevent_path that could lea...

7.5CVSS7.7AI score0.01214EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder