CVE-2010-0638

WebCalendar 1.2.0 - Cross-Site Request Forgery via Administrative Password Change

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References (1)

Core 1
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38222

Scores

EPSS 0.0057
EPSS Percentile 43.2%

Details

CWE
CWE-352
Status published
Products (1)
k5n/webcalendar 1.2.0
Published Feb 15, 2010
Tracked Since Feb 18, 2026