Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:7 a.m.8 views

CVE-2012-5384

Multiple cross-site scripting XSS vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the 1 $name or 2 $description variables in editentryhandler.php, or 3 $url, 4 $tempfullname, or 5 $extusers variables in viewentry.php, different vector...

4.3CVSS5.8AI score0.01693EPSS
Exploits1References1
CVE
CVE
added 2014/04/22 2:0 p.m.45 views

CVE-2013-1421

CVE-2013-1421 affects Craig Knudsen WebCalendar prior to 1.2.7 (including 1.2.5 and 1.2.6). The issue is a Cross-Site Scripting (XSS) vulnerability in the Category Name field processed by category.php, enabling remote attackers to inject arbitrary web script or HTML. Affected versions and impact ...

4.3CVSS5.9AI score0.0124EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2012/10/11 3:0 p.m.47 views

CVE-2012-5384

CVE-2012-5384 and related entries describe multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar. The flaws allow remote attackers to inject arbitrary script/HTML by manipulating parameters in edit_entry_handler.php (name/description) and view_entry.php (url, tempfullna...

4.3CVSS5.5AI score0.00931EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2007/03/08 10:19 p.m.16 views

Remote file inclusion

includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that...

7.5CVSS6.9AI score0.02144EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder