CVE-2010-0638
WebCalendar 1.2.0 - Cross-Site Request Forgery via Administrative Password Change
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References (1)
Core 1
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38222
Scores
EPSS
0.0057
EPSS Percentile
43.2%
Details
CWE
CWE-352
Status
published
Products (1)
k5n/webcalendar
1.2.0
Published
Feb 15, 2010
Tracked Since
Feb 18, 2026