Vulnerabilities (CVE)

Filtered by vendor Mecodia Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-41519 1 Mecodia 1 Feripro 2024-10-29 N/A 5.4 MEDIUM
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field.
CVE-2024-41517 1 Mecodia 1 Feripro 2024-10-28 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges.
CVE-2024-41518 1 Mecodia 1 Feripro 2024-09-03 N/A 7.5 HIGH
An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants.