Every CVE whose affected-product data names K5n Webcalendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2007-1483 — CVSS 7.5 (high): Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in…
CVE-2008-2836 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code…
CVE-2010-0638 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators…
CVE-2010-0637 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to…
CVE-2024-1097 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report…
CVE-2011-3814 — CVSS 5.0 (medium): WebCalendar 1.2.3, and other versions before 1.2.5, allows remote attackers to obtain sensitive information via a direct request to a .php…
CVE-2010-0636 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject…
CVE-2012-0846 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML…