2 matches found
CVE-2004-1787
CVE-2004-1787 affects PostCalendar 4.0.0 . The vulnerability is a SQL injection in search queries that allows remote attackers to execute arbitrary SQL commands. Root cause, as stated, is unvalidated/unsafely composed input in the search parameter leading to injection. The impact is described as ...
CVE-2002-0739
CVE-2002-0739 describes a cross-site scripting vulnerability in PostCalendar 3.02. The issue allows remote attackers to inject arbitrary HTML and scripts and to harvest cookies by modifying a calendar entry on the preview page. The NVD entry lists a base score of 7.5 (HIGH) with network attack ve...