AI Score
Confidence
High
EPSS
Percentile
74.1%
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attackerβs session to be authenticated as any registered LuxCal user, including the site administrator.
github.com/h1pmnh
h1pmnh.github.io/post/cve-luxcal-2021/
twitter.com/h1pmnh
www.luxsoft.eu/index.php?pge=dload