Page 3 of 22 results (0.001 seconds)

CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0

CVE-2017-2150

https://notcve.org/view.php?id=CVE-2017-2150

28 Apr 2017 — Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. Vulnerabilidad de salto de directorio en Booking Calendar versioes 7.0 y anteriores, que permitiría a un atacante remoto leer ficheros arbitrarios a través de un parámetro captcha_chalange especialmente manipulado. • http://jvn.jp/en/jp/JVN18739672/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-2151

https://notcve.org/view.php?id=CVE-2017-2151

28 Apr 2017 — Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Booking Calendar versiones 7.1 y anteriores, que permitiría a un atacante remoto inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN54762089/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •