Advisories for Maven/Org.xwiki.contrib/Macro-Fullcalendar-Pom package

2026

XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService

Anyone who has view rights on the Calendar.JSONService page, including guest users can exploit this vulnerability by accessing database info or starting a DoS attack.

XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService

Anyone who has view rights on the Calendar.JSONService page, including guest users can exploit this vulnerability by accessing database info, with the exception of passwords.