Mootinator

**Name of the Vulnerable Software and Affected Versions** ltwCalendar versions prior to 4.2.1 **Description** The issue is related to a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary HTML or web script. This can lead to unauthorized access or control of user sessions. **Recommendations** For versions prior to 4.2.1, update to version 4.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ltwCalendar (aka PHP Event Calendar) versions prior to 4.2.1 **Description** The issue allows attackers to potentially infer correct passwords from the log file, as failed passwords are logged. **Recommendations** For versions prior to 4.2.1, update to version 4.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ltwCalendar versions 4.1.3 and earlier ltwCalendar version 4.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the calendar.php file. **Recommendations** For ltwCalendar versions 4.1.3 and earlier, update to a version later than 4.2 to resolve the issue. For ltwCalendar version 4.2, update to a version later than 4.2 to resolve the issue. As a temporary workaround, consider restricting access to the calendar.php file until a patch is available. Avoid using the `id` parameter in the calendar.php file until the issue is resolved.