Php Calendar
Products
1- 5 CVEs
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-6485 | Med | 0.40 | 6.1 | 0.00 | Mar 5, 2017 | A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |
| CVE-2004-1423 | 0.04 | — | 0.11 | Dec 31, 2004 | Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php. | ||
| CVE-2009-3702 | 0.03 | — | 0.01 | Dec 22, 2009 | Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | ||
| CVE-2010-2041 | 0.00 | — | 0.01 | May 25, 2010 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters. | ||
| CVE-2005-1397 | 0.00 | — | 0.03 | May 3, 2005 | SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
- risk 0.40cvss 6.1epss 0.00
A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
- CVE-2004-1423Dec 31, 2004risk 0.04cvss —epss 0.11
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
- CVE-2009-3702Dec 22, 2009risk 0.03cvss —epss 0.01
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
- CVE-2010-2041May 25, 2010risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters.
- CVE-2005-1397May 3, 2005risk 0.00cvss —epss 0.03
SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.