CVSS: 7.6 EPSS: 0% CPEs: 1 EXPL: 0

Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402, users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/alfio-event/alf.io/security/advisories/GHSA-8p6m-mm22-q893 • CWE-613: Insufficient Session Expiration

CVSS: 5.4 EPSS: 0% CPEs: 1 EXPL: 1

Reflected cross-site scripting (XSS) in the GitHub repository alfio-event/alf.io prior to 2.0-M4-2301. • https://github.com/alfio-event/alf.io/commit/c1ae54ac84f1c7a5ec2831876f6445cb79be96fc • https://huntr.dev/bounties/0a91fec7-a76e-4ca3-80ba-81de1f10d59d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 EPSS: 0% CPEs: 1 EXPL: 1

Stored cross-site scripting (XSS) in the GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301. • https://github.com/alfio-event/alf.io/commit/21cb2866e5f58b4a2b4a2cb0066479bbb26f7b39 • https://huntr.dev/bounties/8a91e127-2903-4c6b-9a66-e4d2e30f8dec • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')