Calendar Security Vulnerabilities and Issues — Calendar CVE List

Lucene search

SynologyCalendar

6 matches found

CVE•added 2019/06/30 3:15 p.m.•55 views

CVE-2019-11825

Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

6.5CVSS5.4AI score0.00133EPSS

CVE•added 2022/07/12 7:15 a.m.•48 views

CVE-2022-22682

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

6.5CVSS5.1AI score0.00198EPSS

CVE•added 2017/12/08 4:29 p.m.•40 views

CVE-2017-15891

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.

6.5CVSS6AI score0.00132EPSS

CVE•added 2018/06/14 2:29 p.m.•37 views

CVE-2018-8927

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.

6.5CVSS6.2AI score0.00119EPSS

CVE•added 2019/04/01 3:29 p.m.•32 views

CVE-2018-13299

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.

6.5CVSS6.2AI score0.00221EPSS

CVE•added 2018/05/10 1:29 p.m.•32 views

CVE-2018-8915

Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.

6.5CVSS5.1AI score0.00133EPSS