Edgard Chammas

**Name of the Vulnerable Software and Affected Versions** ApPHP Calendar (ApPHP CAL) (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters, including `category name`, `category description`, `event name`, or `event description`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ApPHP Calendar (ApPHP CAL) (affected versions not specified) **Description** The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the calendar.class.php file. These vulnerabilities allow remote attackers to hijack the authentication of victims for requests that utilize specific parameters, including `category name`, `category description`, `event name`, and `event description`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.