CVE-2018-12628
https://notcve.org/view.php?id=CVE-2018-12628
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges. • https://github.com/eventum/eventum/blob/master/CHANGELOG.md https://github.com/eventum/eventum/releases/tag/v3.5.2 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-12627
https://notcve.org/view.php?id=CVE-2018-12627
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. • https://github.com/eventum/eventum/blob/master/CHANGELOG.md https://github.com/eventum/eventum/releases/tag/v3.5.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-12626
https://notcve.org/view.php?id=CVE-2018-12626
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter. • https://github.com/eventum/eventum/blob/master/CHANGELOG.md https://github.com/eventum/eventum/releases/tag/v3.5.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-12625
https://notcve.org/view.php?id=CVE-2018-12625
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter. • https://github.com/eventum/eventum/blob/master/CHANGELOG.md https://github.com/eventum/eventum/releases/tag/v3.5.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-12623
https://notcve.org/view.php?id=CVE-2018-12623
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter. • https://github.com/eventum/eventum/blob/master/CHANGELOG.md https://github.com/eventum/eventum/releases/tag/v3.5.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')