Vincent Hor » Calendarix Advanced : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.
Max CVSS
2.6
EPSS Score
0.99%
Published
2006-04-19
Updated
2018-10-18
Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.
Max CVSS
4.3
EPSS Score
0.21%
Published
2005-05-31
Updated
2008-09-05
Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.
Max CVSS
7.5
EPSS Score
1.07%
Published
2005-06-09
Updated
2008-09-05
PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.
Max CVSS
5.0
EPSS Score
0.41%
Published
2005-06-09
Updated
2008-09-05
4 vulnerabilities found