Van Lyubov

#10179of 53,633
27.1Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2024-26605
8.8
2024-06-08
Kivicare · Kivicare · CVE-2024-35659
**Name of the Vulnerable Software and Affected Versions** KiviCare versions 3.6.2 and earlier **Description** The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability in KiviCare. This vulnerability allows for unauthorized access. **Recommendations** For versions 3.6.2 and earlier, update to a version later than 3.6.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-25572
5.9
2024-05-03
Eventon · Eventon · CVE-2024-33940
**Name of the Vulnerable Software and Affected Versions** EventON versions through 2.2.14 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables an attacker to inject malicious scripts into the website, potentially affecting users. **Recommendations** For versions through 2.2.14, update to a version later than 2.2.14 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.
PT-2024-23441
6.5
2024-03-29
Metagauss · Metagauss Profilegrid · CVE-2024-30513
**Name of the Vulnerable Software and Affected Versions** Metagauss ProfileGrid versions through 5.7.2 **Description** The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. **Recommendations** For versions through 5.7.2, update to a version later than 5.7.2 to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.
PT-2024-22193
5.9
2024-03-21
Repute Infosystems · Armember · CVE-2024-27995
**Name of the Vulnerable Software and Affected Versions** Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup versions through 4.0.23 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For versions through 4.0.23, update to a version later than 4.0.23 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.