Webcalendar@0.9.16 Security Vulnerabilities and Issues — Webcalendar@0.9.16 CVE List

Lucene search

WebcalendarWebcalendar0.9.16

5 matches found

CVE•added 2005/07/19 4:0 a.m.•46 views

CVE-2005-2320

WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.

7.5CVSS6.6AI score0.0075EPSS

CVE•added 2005/02/19 5:0 a.m.•37 views

CVE-2004-1507

CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server.

5CVSS6.7AI score0.00409EPSS

CVE•added 2001/06/27 4:0 a.m.•35 views

CVE-2001-0477

Vulnerability in WebCalendar 0.9.26 allows remote command execution.

7.5CVSS7AI score0.02411EPSS

CVE•added 2005/02/19 5:0 a.m.•34 views

CVE-2004-1508

init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.

7.5CVSS7.3AI score0.00874EPSS

CVE•added 2005/02/19 5:0 a.m.•33 views

CVE-2004-1506

Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags.

4.3CVSS5.9AI score0.00409EPSS