CVE-2021-45914

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.
References
Link Resource
https://h1pmnh.github.io/post/cve-luxcal-2021/ Third Party Advisory
https://github.com/h1pmnh Not Applicable
https://twitter.com/h1pmnh Third Party Advisory
https://www.luxsoft.eu/index.php?pge=dload Product Release Notes Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:luxsoft:luxcal:*:*:*:*:*:*:*:*

Information

Published : 2022-05-24 08:15

Updated : 2022-06-06 07:10


NVD link : CVE-2021-45914

Mitre link : CVE-2021-45914


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

luxsoft

  • luxcal