2 matches found
CVE-2010-0637
Multiple cross-site request forgery CSRF vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests that 1 delete an event or 2 ban an IP address from posting via unknown vectors. NOTE: some of these...
CVE-2010-0637
WebCalendar 1.2.0 and earlier (up to 1.2.5) are vulnerable to multiple CSRF flaws that can hijack administrator sessions to perform actions such as deleting events or banning IPs. The issue affects the product as described in CVE-2010-0637 with a CVSS base score of 6.8 (network, medium complexity...