Search criteria
30 vulnerabilities found for webcalendar by webcalendar_project
FKIE_CVE-2024-22635
Vulnerability from fkie_nvd - Published: 2024-01-25 21:15 - Updated: 2025-06-20 20:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | 1.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "69E01876-DFE5-416A-AE98-5A06806921E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que WebCalendar v1.3.0 conten\u00eda una vulnerabilidad de cross site scripting (XSS) reflejado a trav\u00e9s del componente /WebCalendarvqsmnseug2/edit_entry.php."
}
],
"id": "CVE-2024-22635",
"lastModified": "2025-06-20T20:15:29.483",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-25T21:15:09.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-0289
Vulnerability from fkie_nvd - Published: 2023-01-13 16:15 - Updated: 2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
References
| URL | Tags | ||
|---|---|---|---|
| security@huntr.dev | https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E26A0C7-0003-4F99-9E78-94289A1525D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master."
},
{
"lang": "es",
"value": "Cross-site scripting (XSS) - almacenado en el repositorio de GitHub craigk5n/webcalendar antes del master."
}
],
"id": "CVE-2023-0289",
"lastModified": "2024-11-21T07:36:54.230",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-13T16:15:09.007",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
FKIE_CVE-2013-1422
Vulnerability from fkie_nvd - Published: 2020-02-04 14:15 - Updated: 2024-11-21 01:49
Severity ?
Summary
webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2013/07/22/8 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2013/07/25/4 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.securityfocus.com/bid/58250/info | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/07/22/8 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/07/25/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.securityfocus.com/bid/58250/info | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8321465-A2E3-4953-8FB5-4AE28BCC947B",
"versionEndExcluding": "1.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "webcalendar before 1.2.7 shows the reason for a failed login (e.g., \"no such user\")."
},
{
"lang": "es",
"value": "webcalendar versiones anteriores a 1.2.7, muestra el motivo de un inicio de sesi\u00f3n fallido (por ejemplo, \"no such user\")."
}
],
"id": "CVE-2013-1422",
"lastModified": "2024-11-21T01:49:33.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-04T14:15:11.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/58250/info"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/58250/info"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-1496
Vulnerability from fkie_nvd - Published: 2020-01-27 15:15 - Updated: 2024-11-21 01:37
Severity ?
Summary
Local file inclusion in WebCalendar before 1.2.5.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/ | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/ | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95DDCC5A-1C6D-44E5-A362-599C020484D0",
"versionEndExcluding": "1.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local file inclusion in WebCalendar before 1.2.5."
},
{
"lang": "es",
"value": "Una inclusi\u00f3n de archivo local en WebCalendar versiones anteriores a 1.2.5."
}
],
"id": "CVE-2012-1496",
"lastModified": "2024-11-21T01:37:06.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-27T15:15:11.103",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-1495
Vulnerability from fkie_nvd - Published: 2020-01-27 15:15 - Updated: 2024-11-21 01:37
Severity ?
Summary
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95DDCC5A-1C6D-44E5-A362-599C020484D0",
"versionEndExcluding": "1.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter."
},
{
"lang": "es",
"value": "El archivo install/index.php en WebCalendar versiones anteriores a 1.2.5, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro form_single_user_login."
}
],
"id": "CVE-2012-1495",
"lastModified": "2024-11-21T01:37:05.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-27T15:15:11.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/18775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/18775"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-10840
Vulnerability from fkie_nvd - Published: 2017-08-29 01:35 - Updated: 2025-04-20 01:37
Severity ?
Summary
Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8 | Issue Tracking, Patch, Third Party Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN23340457/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN23340457/index.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | 1.2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC55852-9F9F-4383-9E66-E0896DDA1AFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en WebCalendar 1.2.7 y en versiones anteriores permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados."
}
],
"id": "CVE-2017-10840",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T01:35:13.140",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-10841
Vulnerability from fkie_nvd - Published: 2017-08-29 01:35 - Updated: 2025-04-20 01:37
Severity ?
Summary
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8 | Issue Tracking, Patch, Third Party Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN23340457/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN23340457/index.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | 1.2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC55852-9F9F-4383-9E66-E0896DDA1AFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en WebCalendar 1.2.7 y en versiones anteriores permite que un atacante autenticado lea archivos arbitrarios mediante vectores sin especificar."
}
],
"id": "CVE-2017-10841",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T01:35:13.187",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-1421
Vulnerability from fkie_nvd - Published: 2014-04-22 14:23 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | * | |
| webcalendar_project | webcalendar | 1.0 | |
| webcalendar_project | webcalendar | 1.0 | |
| webcalendar_project | webcalendar | 1.0 | |
| webcalendar_project | webcalendar | 1.1.1 | |
| webcalendar_project | webcalendar | 1.1.2 | |
| webcalendar_project | webcalendar | 1.1.3 | |
| webcalendar_project | webcalendar | 1.1.4 | |
| webcalendar_project | webcalendar | 1.1.5 | |
| webcalendar_project | webcalendar | 1.1.6 | |
| webcalendar_project | webcalendar | 1.2 | |
| webcalendar_project | webcalendar | 1.2.0 | |
| webcalendar_project | webcalendar | 1.2.1 | |
| webcalendar_project | webcalendar | 1.2.2 | |
| webcalendar_project | webcalendar | 1.2.3 | |
| webcalendar_project | webcalendar | 1.2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "843C5AA0-7B4A-4524-81F5-3BF648DA5F8F",
"versionEndIncluding": "1.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C15E268-8EB4-47A8-90DC-CD69CD50A841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "91FEC4D3-4834-4280-8303-17DB2AFF5B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A495A3A9-D5D4-4520-BD08-E1ED14739011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A080963-2939-4A64-AB20-88BCAE38493D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91371D-782F-4F37-ACA2-DDCBCA07EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05214A0F-8AF1-411D-A95D-C27E30DDDB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4150C-F794-43E8-8830-306256B762A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7936AA3F-AF11-450E-B4C4-01435362A8BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE4761E3-3CC3-415C-B465-81D027A8873F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "131F1948-C0F4-474B-B56B-B5F475B1E1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE8D526-A7ED-4AAA-9B55-81AFA5761848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2AE19F-7C9B-4AB3-8E7F-8FA7EDE0125F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8810AF0D-2304-43B7-9507-DD429587E975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EE45F7F3-C367-4E0C-973E-43907482B696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7C9928-8A71-4C39-A690-9E19780E5A52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Craig Knudsen WebCalendar anterior a 1.2.5, 1.2.6 y otros versiones anteriores a 1.2.7 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del campo Category Name hacia category.php."
}
],
"id": "CVE-2013-1421",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-22T14:23:31.753",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/90669"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5384
Vulnerability from fkie_nvd - Published: 2012-10-11 15:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E26A0C7-0003-4F99-9E78-94289A1525D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Craig Knudsen WebCalendar, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de las variables (1) $name o (2) $description en edit_entry_handler.php, o (3) $url, (4) $tempfullname, o (5) $ext_users[] en view_entry.php, son diferentes vectores que CVE-2012-0846."
}
],
"id": "CVE-2012-5384",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-11T15:55:03.547",
"references": [
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5385
Vulnerability from fkie_nvd - Published: 2012-10-11 15:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webcalendar_project | webcalendar | 1.0 | |
| webcalendar_project | webcalendar | 1.0 | |
| webcalendar_project | webcalendar | 1.0 | |
| webcalendar_project | webcalendar | 1.1.1 | |
| webcalendar_project | webcalendar | 1.1.2 | |
| webcalendar_project | webcalendar | 1.1.3 | |
| webcalendar_project | webcalendar | 1.1.4 | |
| webcalendar_project | webcalendar | 1.1.5 | |
| webcalendar_project | webcalendar | 1.1.6 | |
| webcalendar_project | webcalendar | 1.2 | |
| webcalendar_project | webcalendar | 1.2.0 | |
| webcalendar_project | webcalendar | 1.2.1 | |
| webcalendar_project | webcalendar | 1.2.2 | |
| webcalendar_project | webcalendar | 1.2.3 | |
| webcalendar_project | webcalendar | 1.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C15E268-8EB4-47A8-90DC-CD69CD50A841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "91FEC4D3-4834-4280-8303-17DB2AFF5B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A495A3A9-D5D4-4520-BD08-E1ED14739011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A080963-2939-4A64-AB20-88BCAE38493D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C91371D-782F-4F37-ACA2-DDCBCA07EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05214A0F-8AF1-411D-A95D-C27E30DDDB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4150C-F794-43E8-8830-306256B762A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7936AA3F-AF11-450E-B4C4-01435362A8BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE4761E3-3CC3-415C-B465-81D027A8873F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2:b1:*:*:*:*:*:*",
"matchCriteriaId": "131F1948-C0F4-474B-B56B-B5F475B1E1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BE8D526-A7ED-4AAA-9B55-81AFA5761848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2AE19F-7C9B-4AB3-8E7F-8FA7EDE0125F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8810AF0D-2304-43B7-9507-DD429587E975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EE45F7F3-C367-4E0C-973E-43907482B696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FC83A8FD-0B1F-43DE-9DD3-EDDE8E8E7DD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference."
},
{
"lang": "es",
"value": "install/index.php en Craig Knudsen WebCalendar anteriores a v1.2.5 permite a atacantes remotos a modificar settings.php y posiblemente ejecutar comandos a trav\u00e9s de vectores relacionados con las preferencias de tema de usuario."
}
],
"id": "CVE-2012-5385",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-11T15:55:03.627",
"references": [
{
"source": "cve@mitre.org",
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-22635 (GCVE-0-2024-22635)
Vulnerability from cvelistv5 – Published: 2024-01-25 00:00 – Updated: 2025-06-20 19:36
VLAI?
Summary
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:11.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22635",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-28T17:12:59.986034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:36:03.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T20:20:15.466Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22635",
"datePublished": "2024-01-25T00:00:00.000Z",
"dateReserved": "2024-01-11T00:00:00.000Z",
"dateUpdated": "2025-06-20T19:36:03.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0289 (GCVE-0-2023-0289)
Vulnerability from cvelistv5 – Published: 2023-01-13 00:00 – Updated: 2025-04-07 15:34
VLAI?
Title
Cross-site Scripting (XSS) - Stored in craigk5n/webcalendar
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
Severity ?
7.6 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| craigk5n | craigk5n/webcalendar |
Affected:
unspecified , < master
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:44.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0289",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:34:41.600236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:34:55.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "craigk5n/webcalendar",
"vendor": "craigk5n",
"versions": [
{
"lessThan": "master",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361"
},
{
"url": "https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d"
}
],
"source": {
"advisory": "b9584c87-60e8-4a03-9e79-5f1e2d595361",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in craigk5n/webcalendar"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0289",
"datePublished": "2023-01-13T00:00:00.000Z",
"dateReserved": "2023-01-13T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:34:55.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1422 (GCVE-0-2013-1422)
Vulnerability from cvelistv5 – Published: 2020-02-04 13:39 – Updated: 2024-08-06 15:04
VLAI?
Summary
webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:47.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/58250/info"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "webcalendar before 1.2.7 shows the reason for a failed login (e.g., \"no such user\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T13:39:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/58250/info"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "webcalendar before 1.2.7 shows the reason for a failed login (e.g., \"no such user\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/07/22/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/07/25/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"name": "https://www.securityfocus.com/bid/58250/info",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/58250/info"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1422",
"datePublished": "2020-02-04T13:39:27",
"dateReserved": "2013-01-26T00:00:00",
"dateUpdated": "2024-08-06T15:04:47.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1495 (GCVE-0-2012-1495)
Vulnerability from cvelistv5 – Published: 2020-01-27 14:39 – Updated: 2024-08-06 19:01
VLAI?
Summary
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/18775"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:39:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/18775"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/",
"refsource": "MISC",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"name": "https://www.exploit-db.com/exploits/18775",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/18775"
},
{
"name": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"name": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1495",
"datePublished": "2020-01-27T14:39:11",
"dateReserved": "2012-03-02T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1496 (GCVE-0-2012-1496)
Vulnerability from cvelistv5 – Published: 2020-01-27 14:25 – Updated: 2024-08-06 19:01
VLAI?
Summary
Local file inclusion in WebCalendar before 1.2.5.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local file inclusion in WebCalendar before 1.2.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:25:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local file inclusion in WebCalendar before 1.2.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/",
"refsource": "MISC",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1496",
"datePublished": "2020-01-27T14:25:10",
"dateReserved": "2012-03-02T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10841 (GCVE-0-2017-10841)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Directory traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| k5n.us | WebCalendar |
Affected:
1.2.7 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23340457",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebCalendar",
"vendor": "k5n.us",
"versions": [
{
"status": "affected",
"version": "1.2.7 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23340457",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebCalendar",
"version": {
"version_data": [
{
"version_value": "1.2.7 and earlier"
}
]
}
}
]
},
"vendor_name": "k5n.us"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23340457",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"name": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8",
"refsource": "MISC",
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10841",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10840 (GCVE-0-2017-10840)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| k5n.us | WebCalendar |
Affected:
1.2.7 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23340457",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebCalendar",
"vendor": "k5n.us",
"versions": [
{
"status": "affected",
"version": "1.2.7 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23340457",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebCalendar",
"version": {
"version_data": [
{
"version_value": "1.2.7 and earlier"
}
]
}
}
]
},
"vendor_name": "k5n.us"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23340457",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"name": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8",
"refsource": "MISC",
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10840",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1421 (GCVE-0-2013-1421)
Vulnerability from cvelistv5 – Published: 2014-04-22 14:00 – Updated: 2024-08-06 15:04
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:47.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
},
{
"name": "90669",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-22T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
},
{
"name": "90669",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
},
{
"name": "90669",
"refsource": "OSVDB",
"url": "http://osvdb.org/90669"
},
{
"name": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/",
"refsource": "MISC",
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1421",
"datePublished": "2014-04-22T14:00:00",
"dateReserved": "2013-01-26T00:00:00",
"dateUpdated": "2024-08-06T15:04:47.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5385 (GCVE-0-2012-5385)
Vulnerability from cvelistv5 – Published: 2012-10-11 15:00 – Updated: 2024-09-17 00:11
VLAI?
Summary
install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-11T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2",
"refsource": "CONFIRM",
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5385",
"datePublished": "2012-10-11T15:00:00Z",
"dateReserved": "2012-10-11T00:00:00Z",
"dateUpdated": "2024-09-17T00:11:53.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5384 (GCVE-0-2012-5384)
Vulnerability from cvelistv5 – Published: 2012-10-11 15:00 – Updated: 2024-09-16 17:54
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-11T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5384",
"datePublished": "2012-10-11T15:00:00Z",
"dateReserved": "2012-10-11T00:00:00Z",
"dateUpdated": "2024-09-16T17:54:02.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22635 (GCVE-0-2024-22635)
Vulnerability from nvd – Published: 2024-01-25 00:00 – Updated: 2025-06-20 19:36
VLAI?
Summary
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:11.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22635",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-28T17:12:59.986034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:36:03.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T20:20:15.466Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22635",
"datePublished": "2024-01-25T00:00:00.000Z",
"dateReserved": "2024-01-11T00:00:00.000Z",
"dateUpdated": "2025-06-20T19:36:03.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0289 (GCVE-0-2023-0289)
Vulnerability from nvd – Published: 2023-01-13 00:00 – Updated: 2025-04-07 15:34
VLAI?
Title
Cross-site Scripting (XSS) - Stored in craigk5n/webcalendar
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
Severity ?
7.6 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| craigk5n | craigk5n/webcalendar |
Affected:
unspecified , < master
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:44.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0289",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:34:41.600236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:34:55.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "craigk5n/webcalendar",
"vendor": "craigk5n",
"versions": [
{
"lessThan": "master",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/b9584c87-60e8-4a03-9e79-5f1e2d595361"
},
{
"url": "https://github.com/craigk5n/webcalendar/commit/7906b4924c2dc3727c3540682f432ebbb93f810d"
}
],
"source": {
"advisory": "b9584c87-60e8-4a03-9e79-5f1e2d595361",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in craigk5n/webcalendar"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0289",
"datePublished": "2023-01-13T00:00:00.000Z",
"dateReserved": "2023-01-13T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:34:55.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1422 (GCVE-0-2013-1422)
Vulnerability from nvd – Published: 2020-02-04 13:39 – Updated: 2024-08-06 15:04
VLAI?
Summary
webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:47.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/58250/info"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "webcalendar before 1.2.7 shows the reason for a failed login (e.g., \"no such user\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T13:39:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/58250/info"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "webcalendar before 1.2.7 shows the reason for a failed login (e.g., \"no such user\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/07/22/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/07/22/8"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/07/25/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/07/25/4"
},
{
"name": "https://www.securityfocus.com/bid/58250/info",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/58250/info"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1422",
"datePublished": "2020-02-04T13:39:27",
"dateReserved": "2013-01-26T00:00:00",
"dateUpdated": "2024-08-06T15:04:47.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1495 (GCVE-0-2012-1495)
Vulnerability from nvd – Published: 2020-01-27 14:39 – Updated: 2024-08-06 19:01
VLAI?
Summary
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/18775"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:39:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/18775"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/",
"refsource": "MISC",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
},
{
"name": "https://www.exploit-db.com/exploits/18775",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/18775"
},
{
"name": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html"
},
{
"name": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1495",
"datePublished": "2020-01-27T14:39:11",
"dateReserved": "2012-03-02T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1496 (GCVE-0-2012-1496)
Vulnerability from nvd – Published: 2020-01-27 14:25 – Updated: 2024-08-06 19:01
VLAI?
Summary
Local file inclusion in WebCalendar before 1.2.5.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local file inclusion in WebCalendar before 1.2.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:25:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local file inclusion in WebCalendar before 1.2.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/",
"refsource": "MISC",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1496",
"datePublished": "2020-01-27T14:25:10",
"dateReserved": "2012-03-02T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10841 (GCVE-0-2017-10841)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Directory traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| k5n.us | WebCalendar |
Affected:
1.2.7 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23340457",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebCalendar",
"vendor": "k5n.us",
"versions": [
{
"status": "affected",
"version": "1.2.7 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23340457",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebCalendar",
"version": {
"version_data": [
{
"version_value": "1.2.7 and earlier"
}
]
}
}
]
},
"vendor_name": "k5n.us"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23340457",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"name": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8",
"refsource": "MISC",
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10841",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10840 (GCVE-0-2017-10840)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| k5n.us | WebCalendar |
Affected:
1.2.7 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23340457",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebCalendar",
"vendor": "k5n.us",
"versions": [
{
"status": "affected",
"version": "1.2.7 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23340457",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebCalendar",
"version": {
"version_data": [
{
"version_value": "1.2.7 and earlier"
}
]
}
}
]
},
"vendor_name": "k5n.us"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23340457",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"name": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8",
"refsource": "MISC",
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10840",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1421 (GCVE-0-2013-1421)
Vulnerability from nvd – Published: 2014-04-22 14:00 – Updated: 2024-08-06 15:04
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:47.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
},
{
"name": "90669",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-22T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
},
{
"name": "90669",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/"
},
{
"name": "90669",
"refsource": "OSVDB",
"url": "http://osvdb.org/90669"
},
{
"name": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/",
"refsource": "MISC",
"url": "http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1421",
"datePublished": "2014-04-22T14:00:00",
"dateReserved": "2013-01-26T00:00:00",
"dateUpdated": "2024-08-06T15:04:47.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5385 (GCVE-0-2012-5385)
Vulnerability from nvd – Published: 2012-10-11 15:00 – Updated: 2024-09-17 00:11
VLAI?
Summary
install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-11T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2",
"refsource": "CONFIRM",
"url": "http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5385",
"datePublished": "2012-10-11T15:00:00Z",
"dateReserved": "2012-10-11T00:00:00Z",
"dateUpdated": "2024-09-17T00:11:53.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5384 (GCVE-0-2012-5384)
Vulnerability from nvd – Published: 2012-10-11 15:00 – Updated: 2024-09-16 17:54
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-11T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3488543\u0026group_id=3870\u0026atid=303870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5384",
"datePublished": "2012-10-11T15:00:00Z",
"dateReserved": "2012-10-11T00:00:00Z",
"dateUpdated": "2024-09-16T17:54:02.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}