cvebase

Webcalendar Project Webcalendar vulnerabilities

7 known vulnerabilities affecting webcalendar_project/webcalendar.

Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 5

Vulnerabilities

CVE-2012-1495 | P1 | CRITICAL | CVSS 9.8 | PoC | fixed in 1.2.5 | 2020-01-27
CWE-74: install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
Source: nvd

CVE-2012-5385 | P3 | HIGH | CVSS 7.5 | v1.0, v1.1.1, +11 more | 2012-10-11
CWE-264: install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.
Source: nvd

CVE-2017-10841 | P4 | MEDIUM | CVSS 4.9 | v1.2.7 | 2017-08-29
CWE-22: Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
Source: nvd

CVE-2013-1422 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.2.7 | 2020-02-04
CWE-203: webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").
Source: nvd

CVE-2024-22635 | P4 | MEDIUM | CVSS 6.1 | v1.3.0 | 2024-01-25
CWE-79: WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
Source: nvd

CVE-2017-10840 | P4 | MEDIUM | CVSS 6.1 | v1.2.7 | 2017-08-29
CWE-79: Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Source: nvd

CVE-2013-1421 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.2.4, v1.0, +12 more | 2014-04-22
CWE-79: Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.
Source: nvd