Description

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.

Remediation

References

CVE-2024-33996

Related Vulnerabilities

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17774)

WordPress Plugin User Role Editor Cross-Site Scripting (4.37)

WordPress Plugin Import and export users and customers Cross-Site Request Forgery (1.14.1.3)

Oracle Database Server CVE-2006-0259 Vulnerability (CVE-2006-0259)

WordPress Plugin WP Fastest Cache Cross-Site Request Forgery (0.8.3.4)

Severity

Medium

Classification

CVE-2024-33996 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities