Vulnerabilities > PHP Calendar

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-4455 Cross-site Scripting vulnerability in PHP-Calendar
A vulnerability, which was classified as problematic, was found in sproctor php-calendar.
network
low complexity
php-calendar CWE-79
6.1
2017-03-05 CVE-2017-6485 Cross-site Scripting vulnerability in PHP-Calendar
A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03.
4.3
2010-05-25 CVE-2010-2041 Cross-Site Scripting vulnerability in PHP-Calendar
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters.
4.3
2009-12-22 CVE-2009-3702 Path Traversal vulnerability in PHP-Calendar 1.1
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php.
network
low complexity
php-calendar CWE-22
7.5
2005-05-03 CVE-2005-1397 SQL Injection vulnerability in PHP-Calendar Search.PHP
SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
network
low complexity
php-calendar
7.5
2004-12-31 CVE-2004-1423 Code Injection vulnerability in PHP-Calendar
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
network
low complexity
php-calendar CWE-94
7.5