Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely...

CVE-2010-0638

Cross-site request forgery CSRF vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely...

CVE-2010-0638

CVE-2010-0638 affects WebCalendar 1.2.0, where a CSRF flaw allows remote attackers to hijack administrator sessions and perform password changes. The exact exploitation vectors are not detailed in the provided documents. OpenVAS notes multiple CSRF (and XSS) vulnerabilities in WebCalendar and ind...

CVE-2010-0636

Multiple cross-site scripting XSS vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the 1 tab parameter to users.php and the PATHINFO to 2 day.php, 3 month.php, and 4 week.php. NOTE: some of these details are...