Webcalendar Project Webcalendar — known CVE vulnerabilities
Every CVE whose affected-product data names Webcalendar Project Webcalendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2012-1495 — CVSS 9.8 (critical): install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
CVE-2012-5385 — CVSS 7.5 (high): install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary…
CVE-2024-22635 — CVSS 6.1 (medium): WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/e…
CVE-2017-10840 — CVSS 6.1 (medium): Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via…
CVE-2017-10841 — CVSS 4.9 (medium): Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified…
CVE-2012-5384 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or…
CVE-2013-1421 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote…