K5n Webcalendar
8 CVEs affecting K5n Webcalendar. Latest disclosed: 2024-11-15. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-1097 | Medium | 5.4 | 2024-11-15 | A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while… |
CVE-2012-0846 | | 2012-10-08 | Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location var… | |
CVE-2011-3814 | | 2011-09-24 | WebCalendar 1.2.3, and other versions before 1.2.5, allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals… | |
CVE-2010-0638 | | 2010-02-15 | Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that c… | |
CVE-2010-0637 | | 2010-02-12 | Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authenti… | |
CVE-2010-0636 | | 2010-02-12 | Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web scrip… | |
CVE-2008-2836 | | 2008-06-24 | PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the inclu… | |
CVE-2007-1483 | | 2007-03-16 | Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir param… |