Vulnerabilities > Minical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-30 | CVE-2023-46478 | Authorization Bypass Through User-Controlled Key vulnerability in Minical 1.0.0 An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. | 8.8 |
2023-06-18 | CVE-2023-3307 | Unspecified vulnerability in Minical 1.0.0 A vulnerability was found in miniCal 1.0.0. | 8.8 |
2023-06-05 | CVE-2023-33408 | Cross-site Scripting vulnerability in Minical 1.0.0 Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
2023-06-05 | CVE-2023-33409 | Cross-Site Request Forgery (CSRF) vulnerability in Minical 1.0.0 Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. | 6.5 |
2023-06-05 | CVE-2023-33410 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Minical 1.0.0 Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. | 8.8 |