PT-2026-23407 · Humhub · Humhub Calendar
Lassi
·
Published
2026-03-05
·
Updated
2026-03-09
·
CVE-2026-29052
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
HumHub Calendar module versions prior to 1.8.11
Description
The Calendar module for HumHub allows users to create and manage events. A stored cross-site scripting (XSS) issue exists in the Event Types functionality of the Calendar module for versions prior to 1.8.11. This impacts users viewing events created by an administrative account. The issue allows an attacker to inject malicious scripts into the application through the Event Types feature. The vulnerability is triggered when a user views events created by an administrative account.
Recommendations
Update to HumHub Calendar module version 1.8.11 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Humhub Calendar