Calendarix Advanced

CVEs (4)

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2006-1835	0.03	—	0.01	Apr 19, 2006	Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.
CVE-2005-1864	0.00	—	0.00	Jun 9, 2005	PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.
CVE-2005-1865	0.00	—	0.02	Jun 9, 2005	Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.
CVE-2005-1866	0.00	—	0.00	May 31, 2005	Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.

CVE-2006-1835Apr 19, 2006
risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.
CVE-2005-1864Jun 9, 2005
risk 0.00cvss —epss 0.00
PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.
CVE-2005-1865Jun 9, 2005
risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.
CVE-2005-1866May 31, 2005
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.