The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cros
HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search feature which allows malicious input to be executed in search previews. This issue
HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encodin
A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When
A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the '
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, becaus
A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload inj
A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated remo
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the SVG sanitization logic. The regex pa
The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an a
A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can i
Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users o
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. When
A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments secti
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.
October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerabilities was identified in October CMS backend configuration for
Multiple cross-site scripting (XSS) vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 202
Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 th
Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being
Page 1+ Next →