Vulnerabilities > PHP Calendar > PHP Calendar > 1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-05-25 | CVE-2010-2041 | Cross-Site Scripting vulnerability in PHP-Calendar Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters. | 4.3 |
| 2009-12-22 | CVE-2009-3702 | Path Traversal vulnerability in PHP-Calendar 1.1 Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. | 7.5 |