CVE-2021-45914
EUVD-2021-3262924.05.2022, 15:15
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| luxsoft | luxcal | 𝑥 < 5.2.0 |
𝑥
= Vulnerable software versions