CVE-2026-28037

Name of the Vulnerable Software and Affected Versions ashanjay EventON versions through 4.9.12

Description The software contains a flaw related to improper input handling during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability exists due to insufficient sanitization of user-supplied input. The affected component is EventON.

Recommendations Update EventON to a version later than 4.9.12.