Craigk5N Webcalendar vulnerabilities
2 known vulnerabilities affecting craigk5n/craigk5n_webcalendar.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-1097P4MEDIUMCVSS 5.4≥ unspecified, ≤ latest2024-11-15
CVE-2024-1097 [MEDIUM] CWE-79 CVE-2024-1097: A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The
A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report, potentially leading to the theft of user accounts and c
nvd
CVE-2023-0289P4MEDIUMCVSS 5.4≥ unspecified, < master2023-01-13
CVE-2023-0289 [MEDIUM] CWE-79 CVE-2023-0289: Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
nvd