snazare

CVE-2025-52131 WRITEUP MEDIUM WRITEUP

Mocca Calendar < 2.15 - Stored Cross-Site Scripting via Background or Text Color Field

The Mocca Calendar application before 2.15 for XWiki allows XSS via the background or text color field.

CVSS 6.4

View Code

CVE-2025-52133 WRITEUP MEDIUM WRITEUP

Mocca Calendar < 2.15 - Stored Cross-Site Scripting via Calendar Import Title

The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import.

CVSS 6.4

View Code