cvebase

Luxsoft Luxcal Web Calendar vulnerabilities

8 known vulnerabilities affecting luxsoft/luxcal_web_calendar.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2023-46700 | P2 | CRITICAL | CVSS 9.8 | fixed in 5.2.4l, fixed in 5.2.4m, +2 more | 2023-11-20
CWE-89: SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database.
Source: NVD

CVE-2023-39939 | P3 | CRITICAL | CVSS 9.1 | fixed in 5.2.3m, fixed in 5.2.3l, +2 more | 2023-08-21
CWE-89: SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.
Source: NVD

CVE-2025-25221 | P3 | CRITICAL | CVSS 9.8 | fixed in 5.3.3l, fixed in 5.3.3m | 2025-02-18
CWE-89: The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.
Source: NVD

CVE-2025-25222 | P3 | CRITICAL | CVSS 9.8 | fixed in 5.3.3l, fixed in 5.3.3m | 2025-02-18
CWE-89: The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.
Source: NVD

CVE-2025-25224 | P3 | HIGH | CVSS 7.5 | fixed in 5.3.3l, fixed in 5.3.3m | 2025-02-18
CWE-306: The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
Source: NVD

CVE-2025-25223 | P4 | MEDIUM | CVSS 5.3 | fixed in 5.3.3l, fixed in 5.3.3m | 2025-02-18
CWE-22: The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
Source: NVD

CVE-2023-47175 | P4 | MEDIUM | CVSS 6.1 | fixed in 5.2.4l, fixed in 5.2.4m, +2 more | 2023-11-20
CWE-79: Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product.
Source: NVD

CVE-2023-39543 | P4 | MEDIUM | CVSS 6.1 | fixed in 5.2.3m, fixed in 5.2.3l, +2 more | 2023-08-21
CWE-79: Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.
Source: NVD