32 matches found
CVE-2018-12626
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter...
EUVD-2018-4583
Malware in sbrugna...
CVE-2018-11569
Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2...
CVE-2018-11569
Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2...
Eventum Cross-Site Request Forgery Vulnerability
Eventum is a defect tracking system. The system is used to track inbound technical support, organizational tasks, bugs, etc. A cross-site request forgery vulnerability exists in the htdocs/manage/users.php file in Eventum version 3.5.0, which stems from a WEB application that does not adequately...
CVE-2018-12626
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter...
CVE-2018-12623
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the currentpage parameter...
CVE-2018-12628
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges...
CVE-2018-12625
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter...
CVE-2018-12625
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter...
CVE-2018-12628
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges...
CVE-2018-12627
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the shownotificationlistissues or showauthorizedissues parameter...
Cross site request forgery (csrf)
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges...
Code injection
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the currentpage parameter...
Code injection
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the shownotificationlistissues or showauthorizedissues parameter...
Design/Logic Flaw
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the fieldname parameter...
Cross site scripting
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter...
CVE-2018-12628
Eventum 3.5.0 is affected by a CSRF vulnerability in htdocs/manage/users.php that allows an attacker to create another user with admin privileges. This CVE-2018-12628 entry documents the issue and its impact: unauthorized account creation with admin rights via CSRF, enabling partial/high impact c...
CVE-2018-12626
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter...
CVE-2018-12626
Eventum 3.5.0 is affected by a cross-site scripting vulnerability in /htdocs/popup.php via the cat parameter. Impact is described as client-side code execution with partial integrity impact (per CVE notes). Connected advisories from Red Hat and CNVD/EUVD mirrors confirm the same issue exists in E...