Codewalkers: >> Ltwcalendar >> 4.2 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
CVSS Score
6.8
EPSS Score
0.009
Published
2006-12-02
Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.
CVSS Score
5.0
EPSS Score
0.003
Published
2006-12-02