Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2018-5672
An issue exists in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter.
Booking Calendar Project Booking Calendar 2.1.7
605
VMScore
CVE-2018-5673
An issue exists in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.
Booking Calendar Project Booking Calendar 2.1.7
383
VMScore
CVE-2016-3436
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote malicious users to affect confidentiality and integrity via vectors related to Tasks.
Oracle Common Applications Calendar 12.1.1
Oracle Common Applications Calendar 12.1.3
Oracle Common Applications Calendar 12.1.2
383
VMScore
CVE-2014-7138
Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin prior to 2.0.4 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php.
Google Calendar Events Project Google Calendar Events
755
VMScore
CVE-2006-1252
Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote malicious users to execute arbitrary PHP code via the date parameter to index.php.
Light Weight Calendar Light Weight Calendar 1.0
1 EDB exploit
755
VMScore
CVE-2006-0206
Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and previous versions allows remote malicious users to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.
Light Weight Calendar Light Weight Calendar 1.0
1 EDB exploit
755
VMScore
CVE-2006-5426
PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Calendar System 1.1 remote malicious users to execute arbitrary PHP code via a URL in the LIBDIR parameter.
Local Calendar System Local Calendar System 1.1
1 EDB exploit
NA
CVE-2023-31093
Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions.
Chronosly-events-calendar Project Chronosly-events-calendar
NA
CVE-2023-37970
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin <= 1.2 versions.
Mf Gig Calendar Project Mf Gig Calendar
383
VMScore
CVE-2021-24510
The MF Gig Calendar WordPress plugin prior to 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue
Mf Gig Calendar Project Mf Gig Calendar
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »