Vulnerabilities > Webcalendar Project > Webcalendar > 1.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-04 | CVE-2013-1422 | Information Exposure Through Discrepancy vulnerability in Webcalendar Project Webcalendar webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user"). | 5.0 |
2020-01-27 | CVE-2012-1496 | Injection vulnerability in Webcalendar Project Webcalendar Local file inclusion in WebCalendar before 1.2.5. | 6.5 |
2020-01-27 | CVE-2012-1495 | Injection vulnerability in Webcalendar Project Webcalendar install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | 7.5 |
2014-04-22 | CVE-2013-1421 | Cross-Site Scripting vulnerability in Webcalendar Project Webcalendar Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php. | 4.3 |
2012-10-11 | CVE-2012-5385 | Permissions, Privileges, and Access Controls vulnerability in Webcalendar Project Webcalendar install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference. | 7.5 |