CVE-2026-29052 | THREATINT

Description

The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cross-Site Scripting (XSS) vulnerability in the Event Types of the HumHub Calendar module impacts users viewing events created by an administrative account. This issue has been patched in version 1.8.11.

PUBLISHED Reserved 2026-03-03 | Published 2026-03-05 | Updated 2026-03-05 | Assigner GitHub_M

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

< 1.8.11

affected

References

github.com/...lendar/security/advisories/GHSA-gqj3-pmp2-mrx8

github.com/humhub/calendar/releases/tag/v1.8.11

cve.org (CVE-2026-29052)

nvd.nist.gov (CVE-2026-29052)

Download JSON