Vulnerabilities > Webcalendar Project

DATE CVE VULNERABILITY TITLE RISK
2024-01-25 CVE-2024-22635 Cross-site Scripting vulnerability in Webcalendar Project Webcalendar 1.3.0
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
network
low complexity
webcalendar-project CWE-79
6.1
6.1
2023-01-13 CVE-2023-0289 Cross-site Scripting vulnerability in Webcalendar Project Webcalendar
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
network
low complexity
webcalendar-project CWE-79
5.4
5.4
2020-02-04 CVE-2013-1422 Information Exposure Through Discrepancy vulnerability in Webcalendar Project Webcalendar
webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").
network
low complexity
webcalendar-project CWE-203
5.3
5.3
2020-01-27 CVE-2012-1496 Injection vulnerability in Webcalendar Project Webcalendar
Local file inclusion in WebCalendar before 1.2.5.
network
low complexity
webcalendar-project CWE-74
8.8
8.8
2020-01-27 CVE-2012-1495 Injection vulnerability in Webcalendar Project Webcalendar
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
network
low complexity
webcalendar-project CWE-74
critical
 9.8
9.8
2017-08-29 CVE-2017-10841 Path Traversal vulnerability in Webcalendar Project Webcalendar 1.2.7
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
network
low complexity
webcalendar-project CWE-22
4.9
4.9
2017-08-29 CVE-2017-10840 Cross-site Scripting vulnerability in Webcalendar Project Webcalendar 1.2.7
Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
webcalendar-project CWE-79
6.1
6.1