11 results (0.028 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges. Se detectó un problema en Eventum versión 3.5.0. Un problema de tipo CSRF en el archivo htdocs/manage/users.php permite crear otro usuario con privilegios de administrador. • https://github.com/eventum/eventum/blob/master/CHANGELOG.md https://github.com/eventum/eventum/releases/tag/v3.5.2 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. Se detectó un problema en Eventum versión 3.5.0. El archivo /htdocs/list.php presenta un problema de tipo XSS por medio del parámetro show_notification_list_issues o show_authorized_issues. • https://github.com/eventum/eventum/blob/master/CHANGELOG.md https://github.com/eventum/eventum/releases/tag/v3.5.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter. Se detectó un problema en Eventum versión 3.5.0. El archivo /htdocs/popup.php presenta un problema de tipo XSS por medio del parámetro cat. • https://github.com/eventum/eventum/blob/master/CHANGELOG.md https://github.com/eventum/eventum/releases/tag/v3.5.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter. Se detectó un problema en Eventum versión 3.5.0. El archivo /htdocs/validate.php presenta un problema de tipo XSS por medio del parámetro values. • https://github.com/eventum/eventum/blob/master/CHANGELOG.md https://github.com/eventum/eventum/releases/tag/v3.5.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter. Se detectó un problema en Eventum versión 3.5.0. El archivo htdocs/switch.php presenta un problema de tipo XSS por medio del parámetro current_page. • https://github.com/eventum/eventum/blob/master/CHANGELOG.md https://github.com/eventum/eventum/releases/tag/v3.5.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •