VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-1507

CVE-2004-1507

Description

CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server.

Affected products

30
  • Webcalendar/Webcalendar30 versions
    cpe:2.3:a:webcalendar:webcalendar:0.9.8:*:*:*:*:*:*:*+ 29 more
    • cpe:2.3:a:webcalendar:webcalendar:0.9.8:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.11:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.15:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.16:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.19:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.20:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.21:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.22:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.23:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.24:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.25:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.26:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.27:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.28:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.29:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.30:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.31:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.32:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.33:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.34:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.35:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.36:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.37:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.38:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.39:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.40:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.41:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.42:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.43:*:*:*:*:*:*:*
    • cpe:2.3:a:webcalendar:webcalendar:0.9.44:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.