Vulnerabilities > Minical

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2023-46478 Authorization Bypass Through User-Controlled Key vulnerability in Minical 1.0.0
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter.
network
low complexity
minical CWE-639
8.8
2023-06-18 CVE-2023-3307 Unspecified vulnerability in Minical 1.0.0
A vulnerability was found in miniCal 1.0.0.
network
low complexity
minical
8.8
2023-06-05 CVE-2023-33408 Cross-site Scripting vulnerability in Minical 1.0.0
Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
minical CWE-79
5.4
2023-06-05 CVE-2023-33409 Cross-Site Request Forgery (CSRF) vulnerability in Minical 1.0.0
Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.
network
low complexity
minical CWE-352
6.5
2023-06-05 CVE-2023-33410 Improper Neutralization of Formula Elements in a CSV File vulnerability in Minical 1.0.0
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code.
network
low complexity
minical CWE-1236
8.8