2022-05-24 14:32:59
mitre
PUBLISHED
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attackers session to be authenticated as any registered LuxCal user, including the site administrator.