3 matches found
CVE-2024-25627 Cross-Site Scripting (XSS) via File Upload in Alf.io
Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an...
CVE-2024-25627 Cross-Site Scripting (XSS) via File Upload in Alf.io
Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an...
CVE-2024-25627
CVE-2024-25627 affects Alf.io. The vulnerability is an XSS via HTML file upload that requires administrative access to trigger a JavaScript payload, enabling persistence if an attacker gains admin rights. Affected software is Alf.io prior to version 2.0-M4-2402; the issue has been addressed in ve...