Vulnerabilities > CVE-2021-45915 - Unspecified vulnerability in Luxsoft Luxcal

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

luxsoft

critical

NVD

Published: 2022-05-24

Updated: 2023-08-08

Summary

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.

Vulnerable Configurations

Part	Description	Count
Application	Luxsoft Luxsoft Luxcal *	1

References

https://h1pmnh.github.io/post/cve-luxcal-2021/
https://github.com/h1pmnh
https://twitter.com/h1pmnh
https://www.luxsoft.eu/index.php?pge=dload