Skip to main content

Calendar CVE-2013-2698

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2014-05-27 PSIRT-CNA@flexerasoftware.com
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
May 27, 2014 - 14:55 cve.org
MEDIUM 6.8

DescriptionCVE.org

Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors.

AnalysisAI

Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors. Affected products include: Kieranoshea Calendar. Version information: before 1.3.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2022-24838 CRITICAL
9.8 Apr 11

Nextcloud Calendar is a calendar application for the nextcloud framework. Rated critical severity (CVSS 9.8), this vulne

CVE-2019-11829 CRITICAL
9.8 Jun 30

OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote

CVE-2025-66550 MEDIUM POC
5.7 Dec 05

A security vulnerability in Nextcloud Calendar (CVSS 5.7). Risk factors: public PoC available. Vendor patch is available

CVE-2023-45150 MEDIUM POC
4.3 Oct 16

Nextcloud calendar is a calendar app for the Nextcloud server platform. Rated medium severity (CVSS 4.3), this vulnerabi

CVE-2022-22686 HIGH
8.0 Jul 26

Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote

CVE-2021-34812 HIGH
7.5 Jun 18

Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attack

CVE-2017-15891 MEDIUM
6.5 Dec 08

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authent

CVE-2023-48308 MEDIUM
6.5 Dec 22

Nextcloud/Cloud is a calendar app for Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploi

CVE-2018-8927 MEDIUM
6.5 Jun 14

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users t

CVE-2026-29052 MEDIUM
6.1 Mar 05

HumHub Calendar module versions prior to 1.8.11 contain a stored XSS vulnerability in Event Types that allows attackers

CVE-2024-45303 MEDIUM
6.1 Sep 12

Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rated

CVE-2023-30678 MEDIUM
5.5 Jul 06

Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows atta

Share

CVE-2013-2698 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy