Vincent Hor » Calendarix Advanced : Security Vulnerabilities, CVEs, Published In 2005
Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.
Max CVSS
4.3
EPSS Score
0.21%
Published
2005-05-31
Updated
2008-09-05
Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.
Max CVSS
7.5
EPSS Score
1.07%
Published
2005-06-09
Updated
2008-09-05
PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.
Max CVSS
5.0
EPSS Score
0.41%
Published
2005-06-09
Updated
2008-09-05
3 vulnerabilities found