Vincent Hor: >> Calendarix Advanced Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.
CVSS Score
2.6
EPSS Score
0.007
Published
2006-04-19
PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-06-09
Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.
CVSS Score
7.5
EPSS Score
0.02
Published
2005-06-09
Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.
CVSS Score
4.3
EPSS Score
0.004
Published
2005-05-31