PT-2019-8908 · Eventum · Eventum
Yaroslav Babin
·
Published
2019-05-24
·
Updated
2019-05-28
·
CVE-2018-12624
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Eventum version 3.5.0
Description
An issue was discovered in the software, where the /htdocs/post note.php endpoint has a cross-site scripting (XSS) issue via the
garlic prefix parameter.Recommendations
For Eventum version 3.5.0, avoid using the
garlic prefix parameter in the /htdocs/post note.php endpoint until the issue is resolved. Consider restricting access to this endpoint to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eventum