Vulnerabilities > Luxsoft

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-46700 SQL Injection vulnerability in Luxsoft Luxcal web Calendar
SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database.
network
low complexity
luxsoft CWE-89
critical
9.8
2023-11-20 CVE-2023-47175 Cross-site Scripting vulnerability in Luxsoft Luxcal web Calendar
Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product.
network
low complexity
luxsoft CWE-79
6.1
2023-08-21 CVE-2023-39543 Cross-site Scripting vulnerability in Luxsoft Luxcal web Calendar
Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.
network
low complexity
luxsoft CWE-79
6.1
2023-08-21 CVE-2023-39939 SQL Injection vulnerability in Luxsoft Luxcal web Calendar
SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.
network
low complexity
luxsoft CWE-89
critical
9.1
2022-05-24 CVE-2021-45914 Unspecified vulnerability in Luxsoft Luxcal
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request.
network
low complexity
luxsoft
critical
9.8
2022-05-24 CVE-2021-45915 Unspecified vulnerability in Luxsoft Luxcal
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value.
network
low complexity
luxsoft
critical
9.8