PT-2022-12465 · Luxsoft · Luxcal Web Calendar
Pmnh
·
Published
2022-05-24
·
Updated
2023-08-08
·
CVE-2021-45915
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
LuxSoft LuxCal Web Calendar versions prior to 5.2.0
Description
The issue allows an unauthenticated attacker to manipulate a cookie value, enabling the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.
Recommendations
For versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Luxcal Web Calendar