CVE-2018-12622
Eventum 3.5.0 is affected by an XSS in htdocs/ajax/update.php via the field_name parameter. The issue is reflected XSS with potential impact on confidentiality/integrity (per CVSSv3 6.1, MEDIUM). No exploit details or patch version are provided in the documents; a later release 3.5.2 is reference...