XWiki Full Calendar Macro SQL Injection Vulnerability in Calendar.JSONService
Vulnerability
A SQL injection vulnerability has been identified in the XWiki Full Calendar Macro, affecting versions through 2.4.3. The flaw lies in the Calendar.JSONService page, which builds a database query from request input without sanitising it. Any user with view rights on that page, including unauthenticated guest users, can exploit it to read database information or trigger a denial of service. The vulnerability has been patched in version 2.4.5.
Impact
Exploitation allows SQL injection against the wiki's backing database, with the potential to disclose database contents or to cause a denial-of-service condition. No credentials are required where guests hold view rights on the page.
Remediation
Upgrade to XWiki Full Calendar Macro version 2.4.5 or later to address this vulnerability. Alternatively, delete the Calendar.JSONService page; this removes the injectable endpoint but may disrupt calendar functionality that depends on it.
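The following is an added illustration of the bug class described above, not the actual code of Calendar.JSONService or of the patch. It shows a hypothetical XWiki Velocity page that splices a request parameter (assumed name `space`) into an HQL query string, next to the same lookup using the XWiki Query API's bound parameters and a result limit. The query text, parameter name and limit are assumptions for the example.

```velocity
{{velocity}}
## Hypothetical example, not the original Calendar.JSONService code.
## Request parameter name 'space' is an assumption for this illustration.
#set ($space = $request.get('space'))

## VULNERABLE: untrusted input concatenated into the HQL string.
## A value such as  x' or 1=1 --  changes the query the database executes.
#set ($unsafeHql = "select doc.fullName from XWikiDocument doc where doc.space = '${space}'")
#set ($unsafeResults = $services.query.hql($unsafeHql).execute())

## FIXED: the input is passed as a bound parameter, so it is always treated
## as data, never as query syntax. setLimit bounds the result size so a
## single request cannot force an unbounded scan or response.
#set ($safeHql = "select doc.fullName from XWikiDocument doc where doc.space = :space")
#set ($safeResults = $services.query.hql($safeHql).bindValue('space', $space).setLimit(100).execute())

$response.setContentType('application/json')
$jsontool.serialize($safeResults)
{{/velocity}}
```

When reviewing a JSON or AJAX service page for this pattern, look for any `$services.query.hql(...)`, `$services.query.xwql(...)` or `$xwiki.search(...)` call whose query string is assembled from `$request` values; every such value should arrive through `bindValue` instead. Note also that a guest-readable page runs with the rights of its last author, so a page exploitable by guests is reachable by anyone who can issue an HTTP request to the wiki.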
