webcalendar_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk cross-site scripting and パス処理の欠陥 などに関し、一部は ファイル上書き を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-22635 | WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php. | [email protected] | 6.1 | 0.17% | 2024-01-25 | 2025-06-20 |
| CVE-2023-0289 | Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master. | [email protected] | 5.4 | 0.32% | 2023-01-13 | 2024-11-21 |
| CVE-2013-1422 | webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user"). | [email protected] | 5.3 | 0.32% | 2020-02-04 | 2024-11-21 |
| CVE-2012-1496 | Local file inclusion in WebCalendar before 1.2.5. | [email protected] | 8.8 | 0.80% | 2020-01-27 | 2024-11-21 |
| CVE-2012-1495 | install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | [email protected] | 9.8 | 88.72% | 2020-01-27 | 2024-11-21 |
| CVE-2017-10841 | Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | [email protected] | 4.9 | 2.18% | 2017-08-29 | 2026-05-13 |
| CVE-2017-10840 | Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 6.1 | 0.22% | 2017-08-29 | 2026-05-13 |
| CVE-2013-1421 | Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php. | [email protected] | 4.3 | 0.25% | 2014-04-22 | 2026-05-06 |
| CVE-2012-5385 | install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference. | [email protected] | 7.5 | 1.27% | 2012-10-11 | 2026-04-29 |
| CVE-2012-5384 | Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846. | [email protected] | 4.3 | 0.22% | 2012-10-11 | 2026-04-29 |