VYPR
Vendor

Luxsoft

Products
2
CVEs
10
Across products
11
Status
Private

Products

2

Recent CVEs

10
  • CVE-2025-25222CriFeb 18, 2025
    risk 0.64cvss 9.8epss 0.00

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

  • CVE-2025-25221CriFeb 18, 2025
    risk 0.64cvss 9.8epss 0.00

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

  • CVE-2023-46700CriNov 20, 2023
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information…

  • CVE-2021-45915CriMay 24, 2022
    risk 0.64cvss 9.8epss 0.01

    In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.

  • CVE-2021-45914CriMay 24, 2022
    risk 0.64cvss 9.8epss 0.01

    In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.

  • CVE-2023-39939CriAug 21, 2023
    risk 0.59cvss 9.1epss 0.01

    SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.

  • CVE-2025-25224HigFeb 18, 2025
    risk 0.49cvss 7.5epss 0.01

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.

  • CVE-2023-47175MedNov 20, 2023
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the product.

  • CVE-2023-39543MedAug 21, 2023
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.

  • CVE-2025-25223MedFeb 18, 2025
    risk 0.34cvss 5.3epss 0.01

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.