XWiki Full Calendar Macro Data Leak Vulnerability in Calendar.JSONService

Vulnerability

A data leak vulnerability has been identified in the XWiki Full Calendar Macro, affecting versions through 2.4.5. The issue arises in the Calendar.JSONService, where users with view rights, including guest users, can access database information, excluding passwords. This vulnerability has been patched in version 2.4.6.

Impact

Exploitation of this vulnerability allows unauthorized access to database information through the Calendar.JSONService, potentially exposing sensitive data such as email addresses, according to the XWiki Jira.

Remediation

Users can upgrade to XWiki Full Calendar Macro version 2.4.6 or later to address this vulnerability. Alternatively, the Calendar.JSONService page can be removed, although this may disrupt certain functionalities.
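To check whether the service was requested before the upgrade or removal, the access logs can be searched for it. The script below is an added example, not code from XWiki or from this advisory: it assumes a web server log in Combined Log Format and XWiki's usual /bin/<action>/<Space>/<Page> URL scheme, and its sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Assumption: XWiki's usual /bin/<action>/<Space>/<Page> URL scheme, so the page
# Calendar.JSONService is served under .../bin/<action>/Calendar/JSONService.
SERVICE_PATH = re.compile(r"/bin/[a-z]+/Calendar/JSONService(?:[/;]|$)", re.I)

# Combined Log Format: client ident user [time] "METHOD target PROTO" status bytes
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_service_hits(lines):
    """Return one dict per logged request that addressed Calendar.JSONService."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string and decode percent-escapes before matching the path.
        path = unquote(urlsplit(m["target"]).path)
        if SERVICE_PATH.search(path):
            hits.append({"client": m["client"], "time": m["time"],
                         "status": int(m["status"]),
                         "bytes": 0 if m["size"] == "-" else int(m["size"])})
    return hits

def summarize(hits):
    """Count 2xx responses per client, i.e. requests that were actually served."""
    return Counter(h["client"] for h in hits if 200 <= h["status"] < 300)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [08/Jan/2026:10:15:02 +0000] "GET /xwiki/bin/get/Calendar/JSONService HTTP/1.1" 200 18234 "-" "-"',
    '203.0.113.7 - - [08/Jan/2026:10:15:09 +0000] "GET /xwiki/bin/view/Calendar/JSONService?q=constructed HTTP/1.1" 200 20110 "-" "-"',
    '198.51.100.20 - - [08/Jan/2026:10:16:40 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.20 - - [09/Jan/2026:09:01:11 +0000] "GET /xwiki/bin/view/Calendar/JSONService HTTP/1.1" 404 312 "-" "-"',
    '192.0.2.44 - - [09/Jan/2026:09:30:00 +0000] "GET /xwiki/bin/view/Calendar/%4ASONService HTTP/1.1" 200 17500 "-" "-"',
]

if __name__ == "__main__":
    hits = find_service_hits(SAMPLE)
    for client, count in summarize(hits).most_common():
        print(f"{client}: {count} served request(s) to Calendar.JSONService")
```

Each 2xx hit dated before the upgrade to 2.4.6 is a request that may have returned database information and is worth reviewing.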

Added: Jan 10, 2026, 4:22 AM
Updated: Jan 10, 2026, 4:22 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.1
remediation: 7.7
relevance: 2.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.