Webcalendar » Webcalendar » 0.9.26 : Security Vulnerabilities, CVEs,
WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.
Max CVSS
7.5
EPSS Score
0.31%
Published
2005-07-19
Updated
2008-09-05
init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.
Max CVSS
7.5
EPSS Score
1.08%
Published
2004-12-31
Updated
2017-07-11
CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server.
Max CVSS
5.0
EPSS Score
0.55%
Published
2004-12-31
Updated
2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags.
Max CVSS
4.3
EPSS Score
0.35%
Published
2004-12-31
Updated
2017-07-11
Vulnerability in WebCalendar 0.9.26 allows remote command execution.
Max CVSS
7.5
EPSS Score
0.19%
Published
2001-06-27
Updated
2008-09-05
5 vulnerabilities found