PT-2022-12464 · Luxsoft · Luxcal Web Calendar

Pmnh

Published

2022-05-24

Updated

2023-08-08

CVE-2021-45914

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LuxSoft LuxCal Web Calendar versions prior to 5.2.0

Description An unauthenticated attacker can manipulate a POST request, allowing the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.

Recommendations For versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-45914

Affected Products

Luxcal Web Calendar

PT-2022-12464 · Luxsoft · Luxcal Web Calendar

CVE-2021-45914

Related Identifiers

Affected Products

References · 8