Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-34667
The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/calendar.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.0.
Calendar Plugin Project Calendar Plugin
NA
CVE-2023-23813
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions.
My Calendar Project My Calendar
3.5
CVSSv2
CVE-2018-3763
In Nextcloud Calendar prior to 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by pr...
Nextcloud Calendar
Nextcloud Calendar 1.6.0
3.5
CVSSv2
CVE-2020-23762
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote malicious users to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab.
Larsens Calendar Project Larsens Calendar
4.3
CVSSv2
CVE-2019-15713
The my-calendar plugin prior to 3.1.10 for WordPress has XSS.
My Calendar Project My Calendar
6.5
CVSSv2
CVE-2022-1463
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site.
Booking Calendar Project Booking Calendar
7.5
CVSSv2
CVE-2005-4008
SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote malicious users to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters.
Jax Calendar Jax Calendar 1.34
5
CVSSv2
CVE-2017-2150
Directory traversal vulnerability in Booking Calendar version 7.0 and previous versions allows remote malicious users to read arbitrary files via specially crafted captcha_chalange parameter.
Booking Calendar Project Booking Calendar
NA
CVE-2022-2314
The VR Calendar WordPress plugin up to and including 2.3.2 lets any user execute arbitrary PHP functions on the site.
Vr Calendar Project Vr Calendar
3.5
CVSSv2
CVE-2021-24927
The My Calendar WordPress plugin prior to 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
My Calendar Project My Calendar
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »