Vulnerabilites related to webcalendar_project - webcalendar
CVE-2017-10841 (GCVE-0-2017-10841)
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Directory traversal
Summary
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN23340457/index.html | third-party-advisory, x_refsource_JVN | |
| https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| k5n.us | WebCalendar |
Version: 1.2.7 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23340457",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebCalendar",
"vendor": "k5n.us",
"versions": [
{
"status": "affected",
"version": "1.2.7 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23340457",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebCalendar",
"version": {
"version_data": [
{
"version_value": "1.2.7 and earlier"
}
]
}
}
]
},
"vendor_name": "k5n.us"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23340457",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"name": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8",
"refsource": "MISC",
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10841",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1495 (GCVE-0-2012-1495)
Vulnerability from cvelistv5
Published
2020-01-27 14:39
Modified
2024-08-06 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/ | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/18775 | x_refsource_MISC | |
| https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html | x_refsource_MISC | |
| https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/18775"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:39:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/18775"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/",
"refsource": "MISC",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"name": "https://www.exploit-db.com/exploits/18775",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/18775"
},
{
"name": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"name": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1495",
"datePublished": "2020-01-27T14:39:11",
"dateReserved": "2012-03-02T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1421 (GCVE-0-2013-1421)
Vulnerability from cvelistv5
Published
2014-04-22 14:00
Modified
2024-08-06 15:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/ | x_refsource_CONFIRM | |
| http://osvdb.org/90669 | vdb-entry, x_refsource_OSVDB | |
| http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:47.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
},
{
"name": "90669",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-22T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
},
{
"name": "90669",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
},
{
"name": "90669",
"refsource": "OSVDB",
"url": "http://osvdb.org/90669"
},
{
"name": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/",
"refsource": "MISC",
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1421",
"datePublished": "2014-04-22T14:00:00",
"dateReserved": "2013-01-26T00:00:00",
"dateUpdated": "2024-08-06T15:04:47.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10840 (GCVE-0-2017-10840)
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN23340457/index.html | third-party-advisory, x_refsource_JVN | |
| https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| k5n.us | WebCalendar |
Version: 1.2.7 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23340457",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebCalendar",
"vendor": "k5n.us",
"versions": [
{
"status": "affected",
"version": "1.2.7 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23340457",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebCalendar",
"version": {
"version_data": [
{
"version_value": "1.2.7 and earlier"
}
]
}
}
]
},
"vendor_name": "k5n.us"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23340457",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"name": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8",
"refsource": "MISC",
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10840",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5385 (GCVE-0-2012-5385)
Vulnerability from cvelistv5
Published
2012-10-11 15:00
Modified
2024-09-17 00:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-11T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2",
"refsource": "CONFIRM",
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5385",
"datePublished": "2012-10-11T15:00:00Z",
"dateReserved": "2012-10-11T00:00:00Z",
"dateUpdated": "2024-09-17T00:11:53.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5384 (GCVE-0-2012-5384)
Vulnerability from cvelistv5
Published
2012-10-11 15:00
Modified
2024-09-16 17:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download | x_refsource_CONFIRM | |
| http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-11T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5384",
"datePublished": "2012-10-11T15:00:00Z",
"dateReserved": "2012-10-11T00:00:00Z",
"dateUpdated": "2024-09-16T17:54:02.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1496 (GCVE-0-2012-1496)
Vulnerability from cvelistv5
Published
2020-01-27 14:25
Modified
2024-08-06 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Local file inclusion in WebCalendar before 1.2.5.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local file inclusion in WebCalendar before 1.2.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:25:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local file inclusion in WebCalendar before 1.2.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/",
"refsource": "MISC",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1496",
"datePublished": "2020-01-27T14:25:10",
"dateReserved": "2012-03-02T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0289 (GCVE-0-2023-0289)
Vulnerability from cvelistv5
Published
2023-01-13 00:00
Modified
2025-04-07 15:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| craigk5n | craigk5n/webcalendar |
Version: unspecified < master |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:44.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0289",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:34:41.600236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:34:55.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "craigk5n/webcalendar",
"vendor": "craigk5n",
"versions": [
{
"lessThan": "master",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361"
},
{
"url": "https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d"
}
],
"source": {
"advisory": "b9584c87-60e8-4a03-9e79-5f1e2d595361",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in craigk5n/webcalendar"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0289",
"datePublished": "2023-01-13T00:00:00.000Z",
"dateReserved": "2023-01-13T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:34:55.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22635 (GCVE-0-2024-22635)
Vulnerability from cvelistv5
Published
2024-01-25 00:00
Modified
2025-06-20 19:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:11.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22635",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-28T17:12:59.986034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:36:03.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T20:20:15.466Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22635",
"datePublished": "2024-01-25T00:00:00.000Z",
"dateReserved": "2024-01-11T00:00:00.000Z",
"dateUpdated": "2025-06-20T19:36:03.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1422 (GCVE-0-2013-1422)
Vulnerability from cvelistv5
Published
2020-02-04 13:39
Modified
2024-08-06 15:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/07/22/8 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/07/25/4 | x_refsource_MISC | |
| https://www.securityfocus.com/bid/58250/info | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:47.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/58250/info"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "webcalendar before 1.2.7 shows the reason for a failed login (e.g., \"no such user\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T13:39:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/58250/info"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "webcalendar before 1.2.7 shows the reason for a failed login (e.g., \"no such user\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/07/22/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/07/25/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"name": "https://www.securityfocus.com/bid/58250/info",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/58250/info"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1422",
"datePublished": "2020-02-04T13:39:27",
"dateReserved": "2013-01-26T00:00:00",
"dateUpdated": "2024-08-06T15:04:47.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-04-22 14:23
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | * | |
| webcalendar_project | webcalendar | 1.0 | |
| webcalendar_project | webcalendar | 1.0 | |
| webcalendar_project | webcalendar | 1.0 | |
| webcalendar_project | webcalendar | 1.1.1 | |
| webcalendar_project | webcalendar | 1.1.2 | |
| webcalendar_project | webcalendar | 1.1.3 | |
| webcalendar_project | webcalendar | 1.1.4 | |
| webcalendar_project | webcalendar | 1.1.5 | |
| webcalendar_project | webcalendar | 1.1.6 | |
| webcalendar_project | webcalendar | 1.2 | |
| webcalendar_project | webcalendar | 1.2.0 | |
| webcalendar_project | webcalendar | 1.2.1 | |
| webcalendar_project | webcalendar | 1.2.2 | |
| webcalendar_project | webcalendar | 1.2.3 | |
| webcalendar_project | webcalendar | 1.2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "843C5AA0-7B4A-4524-81F5-3BF648DA5F8F",
"versionEndIncluding": "1.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C15E268-8EB4-47A8-90DC-CD69CD50A841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "91FEC4D3-4834-4280-8303-17DB2AFF5B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A495A3A9-D5D4-4520-BD08-E1ED14739011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A080963-2939-4A64-AB20-88BCAE38493D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91371D-782F-4F37-ACA2-DDCBCA07EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05214A0F-8AF1-411D-A95D-C27E30DDDB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4150C-F794-43E8-8830-306256B762A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7936AA3F-AF11-450E-B4C4-01435362A8BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE4761E3-3CC3-415C-B465-81D027A8873F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "131F1948-C0F4-474B-B56B-B5F475B1E1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE8D526-A7ED-4AAA-9B55-81AFA5761848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2AE19F-7C9B-4AB3-8E7F-8FA7EDE0125F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8810AF0D-2304-43B7-9507-DD429587E975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EE45F7F3-C367-4E0C-973E-43907482B696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7C9928-8A71-4C39-A690-9E19780E5A52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Craig Knudsen WebCalendar anterior a 1.2.5, 1.2.6 y otros versiones anteriores a 1.2.7 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del campo Category Name hacia category.php."
}
],
"id": "CVE-2013-1421",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-22T14:23:31.753",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/90669"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-13 16:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E26A0C7-0003-4F99-9E78-94289A1525D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master."
},
{
"lang": "es",
"value": "Cross-site scripting (XSS) - almacenado en el repositorio de GitHub craigk5n/webcalendar antes del master."
}
],
"id": "CVE-2023-0289",
"lastModified": "2024-11-21T07:36:54.230",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-13T16:15:09.007",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-10-11 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | 1.0 | |
| webcalendar_project | webcalendar | 1.0 | |
| webcalendar_project | webcalendar | 1.0 | |
| webcalendar_project | webcalendar | 1.1.1 | |
| webcalendar_project | webcalendar | 1.1.2 | |
| webcalendar_project | webcalendar | 1.1.3 | |
| webcalendar_project | webcalendar | 1.1.4 | |
| webcalendar_project | webcalendar | 1.1.5 | |
| webcalendar_project | webcalendar | 1.1.6 | |
| webcalendar_project | webcalendar | 1.2 | |
| webcalendar_project | webcalendar | 1.2.0 | |
| webcalendar_project | webcalendar | 1.2.1 | |
| webcalendar_project | webcalendar | 1.2.2 | |
| webcalendar_project | webcalendar | 1.2.3 | |
| webcalendar_project | webcalendar | 1.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C15E268-8EB4-47A8-90DC-CD69CD50A841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "91FEC4D3-4834-4280-8303-17DB2AFF5B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A495A3A9-D5D4-4520-BD08-E1ED14739011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A080963-2939-4A64-AB20-88BCAE38493D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91371D-782F-4F37-ACA2-DDCBCA07EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05214A0F-8AF1-411D-A95D-C27E30DDDB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4150C-F794-43E8-8830-306256B762A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7936AA3F-AF11-450E-B4C4-01435362A8BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE4761E3-3CC3-415C-B465-81D027A8873F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "131F1948-C0F4-474B-B56B-B5F475B1E1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE8D526-A7ED-4AAA-9B55-81AFA5761848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2AE19F-7C9B-4AB3-8E7F-8FA7EDE0125F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8810AF0D-2304-43B7-9507-DD429587E975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EE45F7F3-C367-4E0C-973E-43907482B696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FC83A8FD-0B1F-43DE-9DD3-EDDE8E8E7DD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference."
},
{
"lang": "es",
"value": "install/index.php en Craig Knudsen WebCalendar anteriores a v1.2.5 permite a atacantes remotos a modificar settings.php y posiblemente ejecutar comandos a trav\u00e9s de vectores relacionados con las preferencias de tema de usuario."
}
],
"id": "CVE-2012-5385",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-11T15:55:03.627",
"references": [
{
"source": "cve@mitre.org",
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-29 01:35
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8 | Issue Tracking, Patch, Third Party Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN23340457/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN23340457/index.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | 1.2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC55852-9F9F-4383-9E66-E0896DDA1AFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en WebCalendar 1.2.7 y en versiones anteriores permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados."
}
],
"id": "CVE-2017-10840",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T01:35:13.140",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-10-11 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E26A0C7-0003-4F99-9E78-94289A1525D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Craig Knudsen WebCalendar, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de las variables (1) $name o (2) $description en edit_entry_handler.php, o (3) $url, (4) $tempfullname, o (5) $ext_users[] en view_entry.php, son diferentes vectores que CVE-2012-0846."
}
],
"id": "CVE-2012-5384",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-11T15:55:03.547",
"references": [
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-27 15:15
Modified
2024-11-21 01:37
Severity ?
Summary
Local file inclusion in WebCalendar before 1.2.5.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/ | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95DDCC5A-1C6D-44E5-A362-599C020484D0",
"versionEndExcluding": "1.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local file inclusion in WebCalendar before 1.2.5."
},
{
"lang": "es",
"value": "Una inclusi\u00f3n de archivo local en WebCalendar versiones anteriores a 1.2.5."
}
],
"id": "CVE-2012-1496",
"lastModified": "2024-11-21T01:37:06.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-27T15:15:11.103",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-04 14:15
Modified
2024-11-21 01:49
Severity ?
Summary
webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2013/07/22/8 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2013/07/25/4 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.securityfocus.com/bid/58250/info | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/07/22/8 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/07/25/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.securityfocus.com/bid/58250/info | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8321465-A2E3-4953-8FB5-4AE28BCC947B",
"versionEndExcluding": "1.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "webcalendar before 1.2.7 shows the reason for a failed login (e.g., \"no such user\")."
},
{
"lang": "es",
"value": "webcalendar versiones anteriores a 1.2.7, muestra el motivo de un inicio de sesi\u00f3n fallido (por ejemplo, \"no such user\")."
}
],
"id": "CVE-2013-1422",
"lastModified": "2024-11-21T01:49:33.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-04T14:15:11.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/58250/info"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/58250/info"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-25 21:15
Modified
2025-06-20 20:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | 1.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "69E01876-DFE5-416A-AE98-5A06806921E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que WebCalendar v1.3.0 conten\u00eda una vulnerabilidad de cross site scripting (XSS) reflejado a trav\u00e9s del componente /WebCalendarvqsmnseug2/edit_entry.php."
}
],
"id": "CVE-2024-22635",
"lastModified": "2025-06-20T20:15:29.483",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-25T21:15:09.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-29 01:35
Modified
2025-04-20 01:37
Severity ?
Summary
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8 | Issue Tracking, Patch, Third Party Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN23340457/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN23340457/index.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | 1.2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC55852-9F9F-4383-9E66-E0896DDA1AFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en WebCalendar 1.2.7 y en versiones anteriores permite que un atacante autenticado lea archivos arbitrarios mediante vectores sin especificar."
}
],
"id": "CVE-2017-10841",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T01:35:13.187",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-27 15:15
Modified
2024-11-21 01:37
Severity ?
Summary
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95DDCC5A-1C6D-44E5-A362-599C020484D0",
"versionEndExcluding": "1.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter."
},
{
"lang": "es",
"value": "El archivo install/index.php en WebCalendar versiones anteriores a 1.2.5, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro form_single_user_login."
}
],
"id": "CVE-2012-1495",
"lastModified": "2024-11-21T01:37:05.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-27T15:15:11.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/18775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/18775"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}