Skip to main content

Full Calendar Macro

2 CVEs product

Monthly

CVE-2025-65091 Maven CRITICAL PATCH Act Now

XWiki Full Calendar Macro (before 2.4.5) has SQL injection accessible to guest users via the Calendar.JSONService page. Maximum CVSS 10.0 with scope change. Patch available.

SQLi Denial Of Service Full Calendar Macro
NVD GitHub
CVSS 3.1
10.0
EPSS
0.2%
CVE-2025-65090 Maven MEDIUM PATCH This Month

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the data leak vulnerability by accessing database info, with the exception of passwords. [CVSS 5.3 MEDIUM]

Information Disclosure Full Calendar Macro
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

XWiki Full Calendar Macro (before 2.4.5) has SQL injection accessible to guest users via the Calendar.JSONService page. Maximum CVSS 10.0 with scope change. Patch available.

SQLi Denial Of Service Full Calendar Macro
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the data leak vulnerability by accessing database info, with the exception of passwords. [CVSS 5.3 MEDIUM]

Information Disclosure Full Calendar Macro
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy