CVE-2018-12627
Eventum 3.5.0 is affected by a cross-site scripting (XSS) vulnerability in /htdocs/list.php, exploitable via the show_notification_list_issues or show_authorized_issues parameters. The issue allows an attacker to inject client-side code, with impact described as typical XSS; exploitation details ...