Security
Headlines

Headlines Latest CVEs

Headline

GHSA-2g22-wg49-fgv5: XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService

Impact

Anyone who has view rights on the Calendar.JSONService page, including guest users can exploit this vulnerability by accessing database info or starting a DoS attack.

Workarounds

Remove the Calendar.JSONService page. This will however break some functionalities.

References

Jira issue:

For more information

If there are any questions or comments about this advisory:

Open an issue in Jira XWiki.org
Email Security Mailing List

11 hours ago

#sql #vulnerability #mac #js #git #java #intel #jira #maven

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-65091

XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService

Package

maven org.xwiki.contrib:macro-fullcalendar-pom (Maven)

Affected versions

<= 2.4.3

Description

Published to the GitHub Advisory Database

Jan 9, 2026

EPSS score

ghsa: Latest News

GHSA-78p6-6878-8mj6: SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()

7 hours ago

GHSA-h4rm-mm56-xf63: Fickling vulnerable to detection bypass due to "builtins" blindness

7 hours ago

GHSA-w3g8-fp6j-wvqw: SM2-PKE has 32-bit Biased Nonce Vulnerability

7 hours ago

GHSA-q5qq-mvfm-j35x: Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

8 hours ago

GHSA-5hvc-6wx8-mvv4: Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

9 hours ago