Calendar Security Vulnerabilities
Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder...
7.5CVSS
7.4AI Score
0.036EPSS
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label]...
4.8CVSS
4.9AI Score
0.001EPSS
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent]...
4.8CVSS
4.9AI Score
0.001EPSS
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via...
8.8CVSS
8.6AI Score
0.002EPSS
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][]...
4.8CVSS
4.9AI Score
0.001EPSS
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to...
9.8CVSS
9.9AI Score
0.003EPSS
The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...
6.1CVSS
5.9AI Score
0.001EPSS
9.8CVSS
9.9AI Score
0.002EPSS
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified...
6.5CVSS
6AI Score
0.001EPSS
Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated...
5.3CVSS
4.7AI Score
0.002EPSS
Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated...
8.2CVSS
8.1AI Score
0.001EPSS
Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated...
8.2CVSS
8.1AI Score
0.001EPSS
Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified...
6.1CVSS
6AI Score
0.002EPSS
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr...
6.1CVSS
6.1AI Score
0.001EPSS
Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange...
5.3CVSS
5.3AI Score
0.002EPSS
Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified...
6.1CVSS
6AI Score
0.001EPSS
SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to...
9.8CVSS
9.8AI Score
0.003EPSS
A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in.....
6.1CVSS
5.8AI Score
0.001EPSS
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to...
9.1CVSS
7.8AI Score
0.002EPSS
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to...
9.1CVSS
7.8AI Score
0.002EPSS
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to...
8.2CVSS
7.5AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.003EPSS
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the...
9.8AI Score
0.001EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller.....
6.9AI Score
0.004EPSS
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid...
8.8AI Score
0.109EPSS
The Crossmo Calendar (aka com.crossmo.calendar) application 1.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to...
5.8AI Score
0.005EPSS
The Girls Calendar Period&Weight (aka jp.co.cybird.apps.lifestyle.cal) application 3.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w...
6AI Score
0.002EPSS
Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified...
7.3AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the...
6AI Score
0.008EPSS
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar...
5.9AI Score
0.002EPSS
Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4)...
7.7AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message...
5.9AI Score
0.002EPSS
SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID...
8.7AI Score
0.002EPSS
Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown...
7.9AI Score
0.018EPSS
Multiple cross-site scripting (XSS) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to inject arbitrary web script or HTML via the (1) category_name, (2) category_description, (3) event_name, or (4) event_description...
5.9AI Score
0.002EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to hijack the authentication of unspecified victims for requests that use the (1) category_name, (2) category_description, (3) event_name, or (4) event_description.....
7.5AI Score
0.003EPSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction...
5.9AI Score
0.003EPSS
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file...
7.2AI Score
0.007EPSS
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.002EPSS
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than...
8.4AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in...
6AI Score
0.002EPSS
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
8.3AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline Corporate Calendar allows remote attackers to inject arbitrary web script or HTML via the keyword...
5.9AI Score
0.002EPSS
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order...
8.7AI Score
0.001EPSS
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not...
6.9AI Score
0.022EPSS
SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown...
8.7AI Score
0.002EPSS
Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass parameter (aka pass field) to admin/index.php, or (3) the id parameter to...
8.8AI Score
0.002EPSS
Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid...
6.7AI Score
0.146EPSS