CVE-2018-12626

Name of the Vulnerable Software and Affected Versions Eventum version 3.5.0

Description An issue was discovered in the software, where the /htdocs/popup.php endpoint has a cross-site scripting (XSS) vulnerability via the cat parameter. This allows for potential malicious script execution.

Recommendations For Eventum version 3.5.0, as a temporary workaround, consider restricting access to the /htdocs/popup.php endpoint or sanitizing the cat parameter to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.