Full Calendar Macro

2 CVEs product


CVE-2025-65091 CRITICAL PATCH Act Now

XWiki Full Calendar Macro (before 2.4.5) has SQL injection accessible to guest users via the Calendar.JSONService page. Maximum CVSS 10.0 with scope change. Patch available.

SQLi Denial Of Service Full Calendar Macro
NVD GitHub
CVSS 3.1: 10.0
EPSS: 0.2%
CVE-2025-65090 MEDIUM PATCH This Month

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the right to view the Calendar.JSONService page (including guest users) can exploit a data leak vulnerability to access database information, with the exception of passwords. [CVSS 5.3 MEDIUM]

Information Disclosure Full Calendar Macro
NVD GitHub
CVSS 3.1: 5.3
EPSS: 0.0%
