Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product.
[
{
"vendor": "LuxSoft",
"product": "LuxCal Web Calendar",
"versions": [
{
"version": "prior to 5.2.4M (MySQL version)",
"status": "affected"
}
]
},
{
"vendor": "LuxSoft",
"product": "LuxCal Web Calendar",
"versions": [
{
"version": "prior to 5.2.4L (SQLite version)",
"status": "affected"
}
]
}
]