VYPR

LuxCal Web Calendar

by LuxCal

CVEs (8)

  • CVE-2025-25222CriFeb 18, 2025
    risk 0.64cvss 9.8epss 0.00

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

  • CVE-2025-25221CriFeb 18, 2025
    risk 0.64cvss 9.8epss 0.00

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

  • CVE-2023-46700CriNov 20, 2023
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information…

  • CVE-2023-39939CriAug 21, 2023
    risk 0.59cvss 9.1epss 0.01

    SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.

  • CVE-2025-25224HigFeb 18, 2025
    risk 0.49cvss 7.5epss 0.01

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.

  • CVE-2023-47175MedNov 20, 2023
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product.

  • CVE-2023-39543MedAug 21, 2023
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.

  • CVE-2025-25223MedFeb 18, 2025
    risk 0.34cvss 5.3epss 0.01

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.