Lucene search
PRIOn knowledge basePRION:CVE-2012-1835HistoryAug 14, 2012 - 9:55 p.m.
Cross site scripting
2012-08-1421:55:00
PRIOn knowledge base
www.prio-n.com
4
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| all-in-one_event_calendar | eq | 1.4 | |
| all-in-one_event_calendar | eq | 1.5 |
Related
wpvulndb
wpvulndb
All-in-One Event Calendar Plugin 1.4 & 1.5 Multiple XSS
2014-09-27 11:39:17
cve
cve
CVE-2012-1835
2022-10-03 16:15:27
openvas
openvas
patchstack
patchstack
WordPress All-in-One Event Calendar Plugin 1.4 - Multiple Parameter XSS
2012-04-11 00:00:00
WordPress All-in-One Event Calendar Plugin 1.4 - "title" Parameter XSS
2012-04-11 00:00:00
WordPress All-in-One Event Calendar Plugin 1.4 - "msg" Parameter XSS
2012-04-11 00:00:00
packetstorm
packetstorm
WordPress All-In-One Event Calendar 1.4 Cross Site Scripting
2012-04-12 00:00:00
htbridge
htbridge
nuclei
nuclei
WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
2021-07-14 23:19:57
securityvulns
securityvulns
nvd
nvd
CVE-2012-1835
2012-08-14 21:55:00
cvelist
cvelist
CVE-2012-1835
2022-10-03 16:15:27
rapid7blog
rapid7blog
NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS
2021-01-29 14:20:22