4 matches found
CVE-2012-5384
Multiple cross-site scripting XSS vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the 1 $name or 2 $description variables in editentryhandler.php, or 3 $url, 4 $tempfullname, or 5 $extusers variables in viewentry.php, different vector...
CVE-2013-1421
CVE-2013-1421 affects Craig Knudsen WebCalendar prior to 1.2.7 (including 1.2.5 and 1.2.6). The issue is a Cross-Site Scripting (XSS) vulnerability in the Category Name field processed by category.php, enabling remote attackers to inject arbitrary web script or HTML. Affected versions and impact ...
CVE-2012-5384
CVE-2012-5384 and related entries describe multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar. The flaws allow remote attackers to inject arbitrary script/HTML by manipulating parameters in edit_entry_handler.php (name/description) and view_entry.php (url, tempfullna...
Remote file inclusion
includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that...