Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-0252
SQL injection vulnerability in Benders Calendar 1.0 allows remote malicious users to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters.
Benders Calendar Benders Calendar
4.3
CVSSv2
CVE-2017-6485
A Cross-Site Scripting (XSS) issue exists in php-calendar prior to 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script...
Php-calendar Php-calendar
NA
CVE-2023-47609
SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated malicious user to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request.
Oss-calendar Oss Calendar
NA
CVE-2022-4455
A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remot...
Php-calendar Php-calendar
5
CVSSv2
CVE-2007-0928
Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download an encoded password via a direct request for pwd.txt.
Virtual Calendar Virtual Calendar
5
CVSSv2
CVE-2002-1626
Directory traversal vulnerability in Mike Spice My Calendar prior to 1.5 allows remote malicious users to write arbitrary files via .. (dot dot) sequences in a URL.
Mike Spice My Calendar 1.3
Mike Spice My Calendar 1.4
Mike Spice My Calendar 1.1
Mike Spice My Calendar 1.2
Mike Spice My Calendar 1.0
NA
CVE-2022-45814
Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions.
Wp Calendar Project Wp Calendar
NA
CVE-2023-36384
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.
Booking Calendar Project Booking Calendar
6.5
CVSSv2
CVE-2021-24553
The Timeline Calendar WordPress plugin up to and including 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin
Timeline Calendar Project Timeline Calendar
4.3
CVSSv2
CVE-2021-25040
The Booking Calendar WordPress plugin prior to 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Booking Calendar Project Booking Calendar
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »