5 matches found
CVE-2005-2882
The CVE-2005-2882 entry covers multiple XSS vulnerabilities in phpCommunityCalendar 4.0.3 (and possibly earlier). The affected components include LocationID-based injections in thankyou.php and day.php; font parameter in calDaily.php, calMonthly.php, calMonthlyP.php, calWeekly.php, calWeeklyP.php...
CVE-2006-2798
CVE-2006-2798 involves multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3. The flaws allow remote attackers to inject arbitrary script/HTML via the LoName parameter in week.php and month.php, and via the AddressLink parameter in event.php. The NVD entry lists a base...
CVE-2005-2880
CVE-2005-2880 concerns multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 (and possibly earlier). The flaws allow remote attackers to execute arbitrary SQL commands via (1) the login field in login.php or (2) the LocationID parameter to week.php. The affected component is phpCom...
CVE-2005-2881
CVE-2005-2881 affects phpCommunityCalendar 4.0.3. Remote attackers can bypass authentication via a direct request to the admin directory. NVD CVSS v2 base score 7.5 (HIGH): NETWORK vector, low attack complexity, no authentication required; confidentiality, integrity, and availability are partiall...
CVE-2006-2797
Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary SQL via parameters in month.php, day.php, delCalendar.php, event.php, delAdmin.php, delAddress.php, and delCategory.php. Root cause: unsafely constructed SQL queries; affected component...