Vulnerabilities > Minical

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-30	CVE-2023-46478	Authorization Bypass Through User-Controlled Key vulnerability in Minical 1.0.0 An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. network low complexity minical CWE-639	8.8
2023-06-18	CVE-2023-3307	SQL Injection vulnerability in Minical 1.0.0 A vulnerability was found in miniCal 1.0.0. network low complexity minical CWE-89	8.8
2023-06-05	CVE-2023-33408	Cross-site Scripting vulnerability in Minical 1.0.0 Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). network low complexity minical CWE-79	5.4
2023-06-05	CVE-2023-33409	Cross-Site Request Forgery (CSRF) vulnerability in Minical 1.0.0 Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. network low complexity minical CWE-352	6.5
2023-06-05	CVE-2023-33410	Improper Neutralization of Formula Elements in a CSV File vulnerability in Minical 1.0.0 Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. network low complexity minical CWE-1236	8.8

Vulnerabilities > Minical {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Minical"}]}