Lucene search
K
PhpcommunitycalendarPhpcommunitycalendar

5 matches found

CVE
CVE
added 2005/09/14 4:0 a.m.56 views

CVE-2005-2882

The CVE-2005-2882 entry covers multiple XSS vulnerabilities in phpCommunityCalendar 4.0.3 (and possibly earlier). The affected components include LocationID-based injections in thankyou.php and day.php; font parameter in calDaily.php, calMonthly.php, calMonthlyP.php, calWeekly.php, calWeeklyP.php...

4.3CVSS6.1AI score0.01257EPSS
CVE
CVE
added 2006/06/03 1:0 a.m.45 views

CVE-2006-2798

CVE-2006-2798 involves multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3. The flaws allow remote attackers to inject arbitrary script/HTML via the LoName parameter in week.php and month.php, and via the AddressLink parameter in event.php. The NVD entry lists a base...

6.8CVSS5.8AI score0.02235EPSS
CVE
CVE
added 2005/09/14 4:0 a.m.38 views

CVE-2005-2880

CVE-2005-2880 concerns multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 (and possibly earlier). The flaws allow remote attackers to execute arbitrary SQL commands via (1) the login field in login.php or (2) the LocationID parameter to week.php. The affected component is phpCom...

7.5CVSS9AI score0.01332EPSS
CVE
CVE
added 2005/09/14 4:0 a.m.38 views

CVE-2005-2881

CVE-2005-2881 affects phpCommunityCalendar 4.0.3. Remote attackers can bypass authentication via a direct request to the admin directory. NVD CVSS v2 base score 7.5 (HIGH): NETWORK vector, low attack complexity, no authentication required; confidentiality, integrity, and availability are partiall...

7.5CVSS7.5AI score0.01843EPSS
CVE
CVE
added 2006/06/03 1:0 a.m.37 views

CVE-2006-2797

Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary SQL via parameters in month.php, day.php, delCalendar.php, event.php, delAdmin.php, delAddress.php, and delCategory.php. Root cause: unsafely constructed SQL queries; affected component...

7.5CVSS8.5AI score0.02063EPSS