Vendor coverage

webcalendar_project vulnerabilities

Track published CVEs, severity trends, and remediation context for webcalendar_project products.

RSS

Total vulnerabilities

Critical issues

Average CVSS score

6.3

Search results

Filtered vulnerability results

Showing 1-10 of 10 vulnerabilities.

Sort current page

CVE-2024-22635MediumCVSS6.1Published Jan 25, 2024

WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.

Affected vendor

webcalendar project

Affected product

webcalendar

Coverage

Single affected product entry

CVSS

6.1

MEDIUM

Published

Jan 25, 2024

CVE-2023-0289MediumCVSS5.4Published Jan 13, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.

Affected vendor

webcalendar project

Affected product

webcalendar

Coverage

Single affected product entry

CVSS

5.4

MEDIUM

Published

Jan 13, 2023

CVE-2013-1422MediumCVSS5.3Published Feb 4, 2020

webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").

Affected vendor

webcalendar project

Affected product

webcalendar

Coverage

Single affected product entry

CVSS

5.3

MEDIUM

Published

Feb 4, 2020

CVE-2012-1496HighCVSS8.8Published Jan 27, 2020

Local file inclusion in WebCalendar before 1.2.5.

Affected vendor

webcalendar project

Affected product

webcalendar

Coverage

Single affected product entry

CVSS

8.8

HIGH

Published

Jan 27, 2020

CVE-2012-1495CriticalCVSS9.8Published Jan 27, 2020

install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.

Affected vendor

webcalendar project

Affected product

webcalendar

Coverage

Single affected product entry

CVSS

9.8

CRITICAL

Published

Jan 27, 2020

CVE-2017-10841MediumCVSS4.9Published Aug 29, 2017

Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.

Affected vendor

webcalendar project

Affected product

webcalendar

Coverage

Single affected product entry

CVSS

4.9

MEDIUM

Published

Aug 29, 2017

CVE-2017-10840MediumCVSS6.1Published Aug 29, 2017

Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

Affected vendor

webcalendar project

Affected product

webcalendar

Coverage

Single affected product entry

CVSS

6.1

MEDIUM

Published

Aug 29, 2017

CVE-2013-1421UnknownCVSS4.3Published Apr 22, 2014

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

Affected vendor

webcalendar project

Affected product

webcalendar

Coverage

16 affected product entries

CVSS

4.3

UNKNOWN

Published

Apr 22, 2014

CVE-2012-5385UnknownCVSS7.5Published Oct 11, 2012

install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.

Affected vendor

webcalendar project

Affected product

webcalendar

Coverage

15 affected product entries

CVSS

7.5

UNKNOWN

Published

Oct 11, 2012

CVE-2012-5384UnknownCVSS4.3Published Oct 11, 2012

Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.

Affected vendor

webcalendar project

Affected product

webcalendar

Coverage

Single affected product entry

CVSS

4.3

UNKNOWN

Published

Oct 11, 2012