PT-2019-8909 · Eventum · Eventum
Yaroslav Babin
·
Published
2019-07-10
·
Updated
2019-07-10
·
CVE-2018-12625
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Eventum version 3.5.0
Description
An issue was discovered in the software, where the
/htdocs/validate.php endpoint has a cross-site scripting (XSS) vulnerability via the values parameter.Recommendations
For Eventum version 3.5.0, consider restricting access to the
/htdocs/validate.php endpoint until a patch is available, and avoid using the values parameter in this endpoint to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eventum