Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-4455
A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remot...
Php-calendar Php-calendar
6.1
CVSSv3
CVE-2017-6485
A Cross-Site Scripting (XSS) issue exists in php-calendar prior to 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script...
Php-calendar Php-calendar
8.8
CVSSv3
CVE-2023-47609
SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated malicious user to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request.
Oss-calendar Oss Calendar
NA
CVE-2007-0928
Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download an encoded password via a direct request for pwd.txt.
Virtual Calendar Virtual Calendar
NA
CVE-2006-0252
SQL injection vulnerability in Benders Calendar 1.0 allows remote malicious users to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters.
Benders Calendar Benders Calendar
NA
CVE-2002-1626
Directory traversal vulnerability in Mike Spice My Calendar prior to 1.5 allows remote malicious users to write arbitrary files via .. (dot dot) sequences in a URL.
Mike Spice My Calendar 1.3
Mike Spice My Calendar 1.4
Mike Spice My Calendar 1.1
Mike Spice My Calendar 1.2
Mike Spice My Calendar 1.0
6.1
CVSSv3
CVE-2021-25040
The Booking Calendar WordPress plugin prior to 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Booking Calendar Project Booking Calendar
5.3
CVSSv3
CVE-2017-2150
Directory traversal vulnerability in Booking Calendar version 7.0 and previous versions allows remote malicious users to read arbitrary files via specially crafted captcha_chalange parameter.
Booking Calendar Project Booking Calendar
6.1
CVSSv3
CVE-2017-2151
Cross-site scripting vulnerability in Booking Calendar version 7.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Booking Calendar Project Booking Calendar
6.1
CVSSv3
CVE-2023-36384
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.
Booking Calendar Project Booking Calendar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »