CVE-2025-7868 Portabilis i-Educar Calendar educar_calendario_dia_motivo_cad.php cross site scripting

A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educarcalendariodiamotivocad.php of the component Calendar Module. The manipulation of the argument Motivo/descricao results in cross site scripting. It is possible to...

CVE-2004-0016

The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files...