Lucene search

K
LuxsoftLuxcal Web Calendar

8 matches found

CVE
CVE
added 2025/02/18 1:15 a.m.57 views

CVE-2025-25222

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

9.8CVSS7.6AI score0.00023EPSS
CVE
CVE
added 2025/02/18 1:15 a.m.57 views

CVE-2025-25223

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.

5.8CVSS6.9AI score0.00027EPSS
CVE
CVE
added 2025/02/18 1:15 a.m.50 views

CVE-2025-25224

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.

7.5CVSS7.1AI score0.00034EPSS
CVE
CVE
added 2025/02/18 1:15 a.m.49 views

CVE-2025-25221

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

9.8CVSS7.6AI score0.00023EPSS
CVE
CVE
added 2023/08/21 9:15 a.m.39 views

CVE-2023-39543

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.

6.1CVSS6.3AI score0.00266EPSS
CVE
CVE
added 2023/08/21 9:15 a.m.34 views

CVE-2023-39939

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.

9.1CVSS9.4AI score0.00179EPSS
CVE
CVE
added 2023/11/20 5:15 a.m.29 views

CVE-2023-46700

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the databa...

9.8CVSS9.7AI score0.00207EPSS
CVE
CVE
added 2023/11/20 5:15 a.m.28 views

CVE-2023-47175

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product.

6.1CVSS6.3AI score0.0011EPSS