WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote malicious users to enumerate valid usernames.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webcalendar webcalendar 1.0.1 |
||
webcalendar webcalendar 1.0.2 |
||
webcalendar webcalendar 1.0.3 |