RSS   Podatności dla 'Webcalendar'   RSS

2014-04-22
 
CVE-2013-1421

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

 
2012-10-11
 
CVE-2012-5385

CWE-264
 

 
install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.

 
 
CVE-2012-5384

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.

 


Copyright 2024, cxsecurity.com

 

Back to Top