CVE-2025-65091 | xwiki-contrib macro-fullcalendar up to 2.4.4 Calendar.JSONService sql injection (GHSA-2g22-wg49-fgv5)

A vulnerability described as critical has been identified in xwiki-contrib macro-fullcalendar up to 2.4.4. This affects an unknown part of the file Calendar.JSONService. Executing a manipulation can lead to sql injection.

This vulnerability appears as CVE-2025-65091. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More