2 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries. • http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2537 http://secunia.com/advisories/10554 http://securitytracker.com/id?1008621 http://www.osvdb.org/3336 http://www.securityfocus.com/bid/9372 https://exchange.xforce.ibmcloud.com/vulnerabilities/14111 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page. Scripting de sitio cruzado en PostCalendar 3.02 permite que atacantes remotos inserten HTML arbitrario y script, y roben cookies, modificando una entrada de calendario en su página "preview". • http://archives.neohapsis.com/archives/bugtraq/2002-04/0288.html http://www.iss.net/security_center/static/8899.php http://www.securityfocus.com/bid/4563 •