Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webcalendar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-0289
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
Webcalendar Project Webcalendar -
6.4
CVSSv2
CVE-2005-0474
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote malicious users to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
Webcalendar Webcalendar 0.9.45
7.5
CVSSv2
CVE-2005-2717
PHP remote file inclusion vulnerability in WebCalendar prior to 1.0.1 allows remote malicious users to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
Webcalendar Webcalendar 1.0.0
6.4
CVSSv2
CVE-2006-2762
PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote malicious users to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting t...
Webcalendar Webcalendar 1.0.3
2.1
CVSSv2
CVE-2007-6696
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote malicious users to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authe...
Webcalendar Webcalendar 1.1.6
2 EDB exploits
4.3
CVSSv2
CVE-2017-10840
Cross-site scripting vulnerability in WebCalendar 1.2.7 and previous versions allows an malicious user to inject arbitrary web script or HTML via unspecified vectors.
Webcalendar Project Webcalendar 1.2.7
4
CVSSv2
CVE-2017-10841
Directory traversal vulnerability in WebCalendar 1.2.7 and previous versions allows authenticated malicious users to read arbitrary files via unspecified vectors.
Webcalendar Project Webcalendar 1.2.7
NA
CVE-2024-22635
WebCalendar v1.3.0 exists to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
Webcalendar Project Webcalendar 1.3.0
7.5
CVSSv2
CVE-2008-1954
SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the user_id parameter.
Webcalendar Web Calendar Pro 4.0
Webcalendar Web Calendar Pro
1 EDB exploit
6.8
CVSSv2
CVE-2010-0638
Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote malicious users to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the det...
K5n Webcalendar 1.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »