Vulnerabilities > JCE Tech > PHP Calendars Script
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-01-22 | CVE-2010-0380 | Permissions, Privileges, and Access Controls vulnerability in Jce-Tech PHP Calendars Script install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. | 5.0 |
2010-01-21 | CVE-2010-0376 | Cross-Site Scripting vulnerability in Jce-Tech PHP Calendars Script Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 4.3 |
2010-01-21 | CVE-2010-0375 | SQL Injection vulnerability in Jce-Tech PHP Calendars Script SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2009-09-15 | CVE-2009-3197 | Cross-Site Scripting vulnerability in Jce-Tech PHP Calendars Script Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |