Calendar
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6794 | 0.03 | — | 0.01 | Nov 14, 2013 | Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third… | |||
| CVE-2022-24838 | 0.01 | — | 0.09 | Apr 11, 2022 | Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out… | |||
| CVE-2024-21727 | 0.00 | — | 0.00 | Feb 15, 2024 | XSS vulnerability in DP Calendar component for Joomla. | |||
| CVE-2023-48308 | 0.00 | — | 0.00 | Dec 21, 2023 | Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3 | |||
| CVE-2023-30678 | 0.00 | — | 0.00 | Jul 6, 2023 | Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file. | |||
| CVE-2023-33183 | 0.00 | — | 0.00 | May 30, 2023 | Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3 | |||
| CVE-2022-39915 | 0.00 | — | 0.00 | Dec 8, 2022 | Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent. | |||
| CVE-2009-4337 | 0.00 | — | 0.00 | Dec 17, 2009 | SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691. | |||
| CVE-2009-4336 | 0.00 | — | 0.00 | Dec 17, 2009 | Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-3157 | 0.00 | — | 0.00 | Sep 10, 2009 | Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type. | |||
| CVE-2006-1967 | 0.00 | — | 0.01 | Apr 21, 2006 | Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter. | |||
| CVE-2005-4008 | 0.00 | — | 0.01 | Dec 5, 2005 | SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters. | |||
| CVE-2005-1116 | 0.00 | — | 0.00 | May 2, 2005 | Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. |
- CVE-2013-6794Nov 14, 2013risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third…
- CVE-2022-24838Apr 11, 2022risk 0.01cvss —epss 0.09
Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out…
- CVE-2024-21727Feb 15, 2024risk 0.00cvss —epss 0.00
XSS vulnerability in DP Calendar component for Joomla.
- CVE-2023-48308Dec 21, 2023risk 0.00cvss —epss 0.00
Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3
- CVE-2023-30678Jul 6, 2023risk 0.00cvss —epss 0.00
Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file.
- CVE-2023-33183May 30, 2023risk 0.00cvss —epss 0.00
Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3
- CVE-2022-39915Dec 8, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.
- CVE-2009-4337Dec 17, 2009risk 0.00cvss —epss 0.00
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.
- CVE-2009-4336Dec 17, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-3157Sep 10, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
- CVE-2006-1967Apr 21, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.
- CVE-2005-4008Dec 5, 2005risk 0.00cvss —epss 0.01
SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters.
- CVE-2005-1116May 2, 2005risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php.