← back
CVE-2021-45915

CVE-2021-45915

EPSS 1.5%
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/h1pmnhhttps://h1pmnh.github.io/post/cve-luxcal-2021/https://twitter.com/h1pmnhhttps://www.luxsoft.eu/index.php?pge=dload