
CVE-2022-4455 – sproctor php-calendar index.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-4455
13 Dec 2022 — A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. • https://github.com/sproctor/php-calendar/commit/a2941109b42201c19733127ced763e270a357809 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-707: Improper Neutralization

CVE-2017-6485
https://notcve.org/view.php?id=CVE-2017-6485
05 Mar 2017 — A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. • https://github.com/jasonjoh/php-calendar/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-2041
https://notcve.org/view.php?id=CVE-2010-2041
25 May 2010 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters. • http://packetstormsecurity.org/1005-advisories/phpcalendar-xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2005-1397
https://notcve.org/view.php?id=CVE-2005-1397
02 May 2005 — SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. • http://secunia.com/advisories/15116

CVE-2004-1423 – PHP-Calendar < 0.10.1 - Arbitrary File Inclusion
https://notcve.org/view.php?id=CVE-2004-1423
31 Dec 2004 — Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php. • https://www.exploit-db.com/exploits/43819 • CWE-94: Improper Control of Generation of Code ('Code Injection')