Filtered by vendor Mecodia
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-41519 | 1 Mecodia | 1 Feripro | 2024-10-29 | N/A | 5.4 MEDIUM |
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field. | |||||
CVE-2024-41517 | 1 Mecodia | 1 Feripro | 2024-10-28 | N/A | 5.3 MEDIUM |
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges. | |||||
CVE-2024-41518 | 1 Mecodia | 1 Feripro | 2024-09-03 | N/A | 7.5 HIGH |
An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants. |