CVE-2013-1422

webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").