3 matches found
CVE-2024-45299
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, the preloaded data as json is not escaped correctly, the administrator / event admin could break their own install by inserting non correctly escaped text. The...
CVE-2024-45299
creationtimestamp| type| source ---|---|--- 2024-09-06 15:46:00+00:00| seen| https://t.me/cvedetector/4962...
CVE-2024-45299
alf.io prior to version 2.0-M5 has an input escaping flaw in preloaded JSON data that can cause installation instability when administrators insert non-escaped text. The issue is mitigated by upgrading to version 2.0-M5, which fixes the escaping problem. The CSP blocks script execution; no exploi...