VYPR

EventCalendar

by Drupal

CVEs (3)

  • CVE-2021-25024Jan 17, 2022
    risk 0.00cvss epss 0.01

    The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues

  • CVE-2021-25025Jan 17, 2022
    risk 0.00cvss epss 0.00

    The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events

  • CVE-2014-1607Jan 26, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. …