VYPR

LuxCal

by LuxCal

CVEs (2)

  • CVE-2020-26799CriJul 21, 2025
    risk 0.64cvss 9.8epss 0.01

    A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2 which allows an unauthenticated attacker to steal other users' data.

  • CVE-2025-25222CriFeb 18, 2025
    risk 0.64cvss 9.8epss 0.00

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.