4 matches found
CVE-2026-8143 Booking Calendar – Event Calendar <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters
The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hbcountryiso', 'hbusastateiso', and 'hbcanadaprovinceiso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin HBook 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2022-25558
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service DoS via the ProvinceCode parameter...
Tenda AX1806 缓冲区错误漏洞
The Tenda AX1806 is a WiFi6 wireless router from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda AX1806 formSetProvince function, which can be exploited by an attacker to cause a Denial of Service DoS via the ProvinceCode parameter...