PT-2026-24050 · Eventobot · Eventobot

Published: 2026-03-09 · Updated: 2026-03-09 · CVE-2025-40638

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Eventobot (affected versions not specified)

Description: A reflected Cross-Site Scripting (XSS) issue exists in Eventobot. It allows an attacker to execute JavaScript code in a victim’s browser. The attack is carried out by sending a malicious URL that uses the 'name' parameter of the '/search-results' API endpoint. Successful exploitation could lead to the theft of sensitive user data, such as session cookies, or the ability to perform actions as the user.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
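
With no fixed version known, one interim measure is to review web-server access logs for requests to '/search-results' whose 'name' parameter carries markup. The Python script below is an added example, not part of the advisory or of Eventobot; it assumes combined-log-format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT, PARAM = "/search-results", "name"  # both taken from the advisory
# Request line of a combined-log-format entry (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Markup characters and handler/URL-scheme patterns a plain search term does not need.
SUSPICIOUS_RE = re.compile(r'[<>"\'`]|javascript:|\bon\w+\s*=', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_name_values(log_line):
    """Return decoded `name` values from one log line that contain markup."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if parts.path.rstrip("/") != ENDPOINT:
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    decoded = [fully_decode(v) for v in values]
    return [v for v in decoded if SUSPICIOUS_RE.search(v)]


def scan(lines):
    """Return [(line_number, flagged_values)] for every flagged line."""
    return [(n, hits) for n, line in enumerate(lines, 1)
            if (hits := suspicious_name_values(line))]


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.5 - - [09/Mar/2026:10:00:01 +0000] "GET /search-results?name=summer+festival HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Mar/2026:10:00:07 +0000] "GET /search-results?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [09/Mar/2026:10:00:09 +0000] "GET /search-results?name=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 530',
    '198.51.100.2 - - [09/Mar/2026:10:00:12 +0000] "GET /events?name=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE):
        print(f"line {n}: {hits}")
```

The pattern is a heuristic: legitimate search terms containing quotes or apostrophes will also be flagged, so treat hits as leads for review rather than confirmed exploitation attempts.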

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-40638

Affected Products: Eventobot