Luxcal Web Calendar Security Vulnerabilities and Issues — Luxcal Web Calendar CVE List

Lucene search

LuxsoftLuxcal Web Calendar

8 matches found

CVE•added 2025/02/18 1:15 a.m.•57 views

CVE-2025-25222

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

9.8CVSS7.6AI score0.00023EPSS

CVE•added 2025/02/18 1:15 a.m.•57 views

CVE-2025-25223

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.

5.8CVSS6.9AI score0.00027EPSS

CVE•added 2025/02/18 1:15 a.m.•50 views

CVE-2025-25224

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.

7.5CVSS7.1AI score0.00034EPSS

CVE•added 2025/02/18 1:15 a.m.•49 views

CVE-2025-25221

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

9.8CVSS7.6AI score0.00023EPSS

CVE•added 2023/08/21 9:15 a.m.•39 views

CVE-2023-39543

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.

6.1CVSS6.3AI score0.00266EPSS

CVE•added 2023/08/21 9:15 a.m.•34 views

CVE-2023-39939

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.

9.1CVSS9.4AI score0.00179EPSS

CVE•added 2023/11/20 5:15 a.m.•29 views

CVE-2023-46700

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the databa...

9.8CVSS9.7AI score0.00207EPSS

CVE•added 2023/11/20 5:15 a.m.•28 views

CVE-2023-47175

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product.

6.1CVSS6.3AI score0.0011EPSS