20 matches found
CVE-2025-40638
A reflected Cross-Site Scripting XSS vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal...
CVE-2025-40639
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...
EUVD-2025-208398
A reflected Cross-Site Scripting XSS vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal...
EUVD-2025-208399
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...
EUVD-2025-208400
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...
EUVD-2025-208397
A reflected Cross-Site Scripting XSS vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal...
CVE-2025-40639
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...
CVE-2025-40638
A reflected Cross-Site Scripting XSS vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal...
CVE-2025-40639
CVE-2025-40639 — Eventobot SQL injection is confirmed by connected sources. The vulnerability affects Eventobot and is exploitable via the promo_send parameter in the /assets/php/calculate_discount.php endpoint. The underlying issue allows an attacker to perform SQL operations including retrieve,...
CVE-2025-40639 SQL injection in Eventobot
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...
CVE-2025-40639
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...
CVE-2025-40639 SQL injection in Eventobot
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...
CVE-2025-40638 Reflected Cross-Site Scripting (XSS) in Eventobot
A reflected Cross-Site Scripting XSS vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal...
CVE-2025-40638 Reflected Cross-Site Scripting (XSS) in Eventobot
A reflected Cross-Site Scripting XSS vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal...
CVE-2025-40638
A reflected Cross-Site Scripting XSS vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal...
CVE-2025-40638
CVE-2025-40638 is a reported reflected Cross-Site Scripting (XSS) in Eventobot. Multiple sources (NVD, Red Hat, EU ENISA, CVE List, Attackerkb, vuln enrichment) describe exploitation via a malicious URL that uses the name parameter in /search-results to execute JavaScript in the victim’s browser,...
PT-2026-24051
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo send' parameter in the '/assets/php/calculate discount.php'...
Eventobot 跨站脚本漏洞
Eventobot is a ticketing management system developed by Eventobot Inc. Eventobot has a cross-site scripting vulnerability, which stems from insufficient cleaning and escaping of the name parameter. This vulnerability may lead to reflective cross-site scripting attacks...
Eventobot SQL注入漏洞
Eventobot is a ticketing management system developed by Eventobot Inc. Eventobot has a SQL injection vulnerability, which stems from insufficient cleaning and escaping of the promosend parameter. This vulnerability may lead to SQL injection attacks...
PT-2026-24050
A reflected Cross-Site Scripting XSS vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal...