漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS.
漏洞信息
N/A
漏洞
N/A
漏洞
PHP Event Calendar 跨站脚本攻击漏洞
漏洞信息
Softcomplex PHP Event Calendar 1.5中存在跨站脚本攻击(XSS)漏洞。远程认证用户可以借助(1) username和(2) password参数(在写入user.php之前没有经过审查)注入任意Web脚本或HTML以及错误数据。注意:该问题最开始报告为XSS,但主要问题可能是直接静态代码注入而导致的XSS。
漏洞信息
N/A
漏洞
N/A