HumHub Calendar Module: Admin Events Can Contain Malicious Code

CVE-2026-29052
Summary

If an administrative account creates an event containing malicious code, that code is stored and runs in the browser of other users who view the event (stored cross-site scripting). This could allow an attacker to steal sensitive information or take over the session of a user viewing the event. Update to version 1.8.11 or later to fix this issue.

What to do

Update the HumHub Calendar module to version 1.8.11 or later, the release in which this issue has been patched.

Affected software
Vendor: humhub
Product: calendar
Affected versions: <= 1.8.11
Fix available: –
Original title
The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored C...
Original description
The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cross-Site Scripting (XSS) vulnerability in the Event Types of the HumHub Calendar module impacts users viewing events created by an administrative account. This issue has been patched in version 1.8.11.
NVD CVSS 4.0 score: 6.9
Vulnerability type
CWE-79 Cross-site Scripting (XSS)
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026