Webcalendar: >> Webcalendar >> 1.0.4 Security Vulnerabilities
includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.
CVSS Score
7.5
EPSS Score
0.016
Published
2007-03-08
Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.
CVSS Score
6.8
EPSS Score
0.01
Published
2006-12-20