CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-45914

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/h1pmnh
https://h1pmnh.github.io/post/cve-luxcal-2021/
https://twitter.com/h1pmnh
https://www.luxsoft.eu/index.php?pge=dload
https://github.com/h1pmnh
https://h1pmnh.github.io/post/cve-luxcal-2021/
https://twitter.com/h1pmnh
https://www.luxsoft.eu/index.php?pge=dload

Products affected by CVE-2021-45914

Luxsoft » Luxcal » Version: Any

cpe:2.3:a:luxsoft:luxcal:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-45914

Products

Pricing

Contact Us