Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
luxsoft the luxcal web calendar vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-39543
Cross-site scripting vulnerability in LuxCal Web Calendar before 5.2.3M (MySQL version) and LuxCal Web Calendar before 5.2.3L (SQLite version) allows a remote unauthenticated malicious user to execute an arbitrary script on the web browser of the user who is using the product.
Luxsoft Luxcal Web Calendar
6.1
CVSSv3
CVE-2023-47175
Cross-site scripting vulnerability in LuxCal Web Calendar before 5.2.4M (MySQL version) and LuxCal Web Calendar before 5.2.4L (SQLite version) allows a remote unauthenticated malicious user to execute an arbitrary script on the web browser of the user who is accessing the product...
Luxsoft Luxcal Web Calendar
9.1
CVSSv3
CVE-2023-39939
SQL injection vulnerability in LuxCal Web Calendar before 5.2.3M (MySQL version) and LuxCal Web Calendar before 5.2.3L (SQLite version) allows a remote unauthenticated malicious user to execute arbitrary queries against the database and obtain or alter the information in it.
Luxsoft Luxcal Web Calendar
9.8
CVSSv3
CVE-2023-46700
SQL injection vulnerability in LuxCal Web Calendar before 5.2.4M (MySQL version) and LuxCal Web Calendar before 5.2.4L (SQLite version) allows a remote unauthenticated malicious user to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information...
Luxsoft Luxcal Web Calendar
7.3
CVSSv3
CVE-2025-25221
The LuxCal Web Calendar before 5.3.3M (MySQL version) and before 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.
Luxsoft The Luxcal Web Calendar
7.3
CVSSv3
CVE-2025-25222
The LuxCal Web Calendar before 5.3.3M (MySQL version) and before 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.
Luxsoft The Luxcal Web Calendar
5.8
CVSSv3
CVE-2025-25223
The LuxCal Web Calendar before 5.3.3M (MySQL version) and before 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
Luxsoft The Luxcal Web Calendar
5.3
CVSSv3
CVE-2025-25224
The LuxCal Web Calendar before 5.3.3M (MySQL version) and before 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
Luxsoft The Luxcal Web Calendar
9.8
CVSSv3
CVE-2021-45915
In LuxSoft LuxCal Web Calendar prior to 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.
Luxsoft Luxcal
9.8
CVSSv3
CVE-2021-45914
In LuxSoft LuxCal Web Calendar prior to 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.
Luxsoft Luxcal
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-46541
gopiplus@hotmail.com
CVE-2025-46461
privilege
CVE-2025-46473
CVE-2025-30406
trân minh-quân
XSS
deserialization
CVE-2025-46507
wp filter post category
CVE-2025-21204
padam shankhadev
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
Vulmon