CVE-2021-45915

2022-05-2414:32:44

mitre

www.cve.org

web calendar

cookie manipulation

user authentication

AI Score

9.5

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker’s session to be authenticated as any registered LuxCal user, including the site administrator.

References

github.com/h1pmnh

h1pmnh.github.io/post/cve-luxcal-2021/

twitter.com/h1pmnh

www.luxsoft.eu/index.php?pge=dload