VYPR

miniCal

by MiniCal

CVEs (4)

  • CVE-2023-33410HigJun 5, 2023
    risk 0.57cvss 8.8epss 0.01

    Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file.

  • CVE-2023-33409MedJun 5, 2023
    risk 0.42cvss 6.5epss 0.00

    Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.

  • CVE-2023-3307MedJun 18, 2023
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql injection. The attack may be initiated remotely. The exploit has…

  • CVE-2023-33408MedJun 5, 2023
    risk 0.35cvss 5.4epss 0.01

    Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.