Webcalendar Project Webcalendar vulnerabilities
7 known vulnerabilities affecting webcalendar_project/webcalendar.
Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 5
Vulnerabilities
CVE-2012-1495 | P1 | CRITICAL | CVSS 9.8 | PoC | fixed in 1.2.5 | 2020-01-27
CWE-74
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
nvd
CVE-2012-5385 | P3 | HIGH | CVSS 7.5 | v1.0, v1.1.1, +11 more | 2012-10-11
CWE-264
install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.
nvd
CVE-2017-10841 | P4 | MEDIUM | CVSS 4.9 | v1.2.7 | 2017-08-29
CWE-22
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
nvd
CVE-2013-1422 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.2.7 | 2020-02-04
CWE-203
WebCalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").
nvd
CVE-2024-22635 | P4 | MEDIUM | CVSS 6.1 | v1.3.0 | 2024-01-25
CWE-79
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
nvd
CVE-2017-10840 | P4 | MEDIUM | CVSS 6.1 | v1.2.7 | 2017-08-29
CWE-79
Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-1421 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.2.4, v1.0, +12 more | 2014-04-22
CWE-79
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.
nvd