Vulnerabilities > Mario Matzulla

DATE CVE VULNERABILITY TITLE RISK
2010-06-02 CVE-2010-2131 SQL Injection vulnerability in Mario Matzulla CAL
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data.
network
low complexity
mario-matzulla typo3 CWE-89
7.5
2010-04-23 CVE-2009-4804 Cross-Site Scripting vulnerability in Mario Matzulla Calendar Base
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."
4.3
2009-12-02 CVE-2009-4158 SQL Injection vulnerability in Mario Matzulla CAL
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 mario-matzulla CWE-89
7.5