Luxsoft Luxcal Web Calendar — known CVE vulnerabilities
Every CVE whose affected-product data names Luxsoft Luxcal Web Calendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-25221 — CVSS 9.8 (critical): The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in…
CVE-2023-46700 — CVSS 9.8 (critical): SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version)…
CVE-2025-25222 — CVSS 9.8 (critical): The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in…
CVE-2023-39939 — CVSS 9.1 (critical): SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version)…
CVE-2025-25224 — CVSS 7.5 (high): The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication…
CVE-2023-47175 — CVSS 6.1 (medium): Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite…
CVE-2023-39543 — CVSS 6.1 (medium): Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite…
CVE-2025-25223 — CVSS 5.3 (medium): The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in…