Full Calendar Macro
Approved changes feed: RSS · Atom
cpe:2.3:a:xwiki:full_calendar_macro:*:*:*:*:*:xwiki:*:*
part: a version: * update: *
| Vendor | Xwiki (cdc9c0cd-6ac5-5dc0-9f52-915ebd57f20d) |
|---|---|
| Product | Full Calendar Macro (537f8738-c7a1-5f6c-aac2-e5f9fc434d6a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | xwiki |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-65091 |
vulnerable | 2026-06-03 15:09:40.194450 |
XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService
CRITICAL (10)
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page (including guest users) can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been patched in version 2.4.5.
Published: 2026-01-10T03:06:16.775Z
Updated: 2026-01-12T17:35:19.706Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-65090 |
vulnerable | 2026-06-03 15:09:40.193977 |
XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService
MEDIUM (5.3)
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the data leak vulnerability by accessing database info, with the exception of passwords. This issue has been patched in version 2.4.6.
Published: 2026-01-10T03:05:06.531Z
Updated: 2026-01-12T17:36:38.233Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.