Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webcalendar vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2013-1422
webcalendar prior to 1.2.7 shows the reason for a failed login (e.g., "no such user").
Webcalendar Project Webcalendar
NA
CVE-2005-2717
PHP remote file inclusion vulnerability in WebCalendar prior to 1.0.1 allows remote malicious users to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
Webcalendar Webcalendar 1.0.0
NA
CVE-2007-6696
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote malicious users to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authe...
Webcalendar Webcalendar 1.1.6
2 EDB exploits
5.4
CVSSv3
CVE-2023-0289
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
Webcalendar Project Webcalendar -
NA
CVE-2006-1537
Craig Knudsen WebCalendar 1.1.0-CVS allows remote malicious users to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/in...
Webcalendar Webcalendar 1.1.0
4.9
CVSSv3
CVE-2017-10841
Directory traversal vulnerability in WebCalendar 1.2.7 and previous versions allows authenticated malicious users to read arbitrary files via unspecified vectors.
Webcalendar Project Webcalendar 1.2.7
6.1
CVSSv3
CVE-2017-10840
Cross-site scripting vulnerability in WebCalendar 1.2.7 and previous versions allows an malicious user to inject arbitrary web script or HTML via unspecified vectors.
Webcalendar Project Webcalendar 1.2.7
6.1
CVSSv3
CVE-2024-22635
WebCalendar v1.3.0 exists to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
Webcalendar Project Webcalendar 1.3.0
NA
CVE-2008-1954
SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the user_id parameter.
Webcalendar Web Calendar Pro 4.0
Webcalendar Web Calendar Pro
1 EDB exploit
NA
CVE-2011-3814
WebCalendar 1.2.3, and other versions prior to 1.2.5, allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ws/user_mod.php and certain other files.
K5n Webcalendar 1.2.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »