PT-2025-28956 · Evesys · Evesys
Published
2025-07-09
·
Updated
2025-07-10
·
CVE-2021-27961
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
evesys versions 7.1 (2152) through 8.0 (2202)
Description:
The software contains a reflected cross-site scripting (XSS) issue. The issue is located in the
indexeva.php file through the action parameter.Recommendations:
evesys versions prior to 7.1 (2152)
evesys versions after 8.0 (2202)
As a temporary workaround, consider restricting access to the
indexeva.php file to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evesys