Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 1:1 p.m.9 views

CVE-2024-25634

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue...

7.2CVSS6.7AI score0.00748EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/02/19 7:53 p.m.15 views

CVE-2024-25634 IDOR make user can read e-mail log sent by other events

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue...

7.2CVSS6.9AI score0.00748EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/02/19 7:53 p.m.15 views

CVE-2024-25634 IDOR make user can read e-mail log sent by other events

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue...

7.2CVSS7.1AI score0.00748EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/02/19 7:48 p.m.42 views

CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...

8.8CVSS8.8AI score0.00716EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/02/19 7:48 p.m.16 views

CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...

8.8CVSS6.8AI score0.00716EPSS
Exploits1References1
NVD
NVD
added 2024/02/16 9:15 p.m.30 views

CVE-2024-25628

Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for th...

7.6CVSS7.5AI score0.00379EPSS
Exploits0References1
NVD
NVD
added 2024/02/16 9:15 p.m.12 views

CVE-2024-25627

Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an...

4.8CVSS3.7AI score0.0043EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/02/16 8:27 p.m.8 views

CVE-2024-25627 Cross-Site Scripting (XSS) via File Upload in Alf.io

Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an...

3.5CVSS5.9AI score0.0043EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/02/16 12:0 a.m.7 views

Alf.io Code Issue Vulnerability

alf.io is open source ticket reservation system. A code issue vulnerability exists in versions prior to Alf.io 2.0-M4-2402 that stems from allowing users after invalidated/deleted to access administrative areas...

7.6CVSS7AI score0.00379EPSS
Exploits0References2
Rows per page
Query Builder