2 matches found
CVE-2014-10014
Multiple cross-site request forgery CSRF vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that 1 change the username and password of the administrator via an update action to the AdminOptions controller or...
CVE-2014-10014
This CVE concerns PHPJabbers Event Booking Calendar 2.0 with multiple CSRF vulnerabilities. The affected component paths include AdminOptions (update action that can change administrator username/password), AdminEvents (create action with event_title that can lead to XSS), and AdminCategories (cr...