22 matches found
CVE-2024-41517
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges...
CVE-2024-41519
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm//zuordnung/veranstaltungen/" through the "school" input field...
CVE-2024-41518
An Incorrect Access Control vulnerability in "/admin/programm//export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants...
CVE-2024-41519
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm//zuordnung/veranstaltungen/" through the "school" input field...
CVE-2024-41519
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm//zuordnung/veranstaltungen/" through the "school" input field...
CVE-2024-41518
An Incorrect Access Control vulnerability in "/admin/programm//export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants...
CVE-2024-41517
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges...
CVE-2024-41518
An Incorrect Access Control vulnerability in "/admin/programm//export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants...
CVE-2024-41517
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges...
CVE-2024-41517
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges...
CVE-2024-41518
CVE-2024-41518 concerns Feripro prior to 2.2.3, where an Incorrect Access Control flaw in the endpoint /admin/programm//export/statistics allows remote attackers to export an XLSX file containing registrations and participant information. The Red Hat and NVD entries corroborate the same path and ...
CVE-2024-41517
CVE-2024-41517 : Feripro versions
CVE-2024-41519
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm//zuordnung/veranstaltungen/" through the "school" input field...
CVE-2024-41517
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges...
CVE-2024-41519
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm//zuordnung/veranstaltungen/" through the "school" input field...
PT-2024-29436 · Feripro · Feripro
Name of the Vulnerable Software and Affected Versions: Feripro versions prior to 2.2.3 Description: The issue concerns an Incorrect Access Control vulnerability. It affects the "/admin/programm//export/statistics" endpoint, allowing remote attackers to export an XLSX file containing information...
Mercodia Feripro security vulnerability
Mercodia Feripro is a vacation management software from Mercodia USA. A security vulnerability exists in Mercodia Feripro 2.2.3 and earlier versions, which stems from the presence of a cross-site scripting (XSS) vulnerability...
CVE-2024-41519
Feripro <= v2.2.3 is affected by a Cross-Site Scripting (XSS) vulnerability in the admin endpoint used for program/Veranstaltungen mapping, exploitable via the school input field at /admin/programm//zuordnung/veranstaltungen/. Multiple sources confirm the issue affects Feripro 2.2.3 and earlie...
Mercodia Feripro security vulnerability
Mercodia Feripro is a vacation management software from Mercodia USA. A security vulnerability exists in Mercodia Feripro 2.2.3 and earlier versions, which stems from an incorrect access control vulnerability in /admin/benutzer/institution/rechteverwaltung/uebersicht, which allows a remote attack...
PT-2024-29435 · Feripro · Feripro
Name of the Vulnerable Software and Affected Versions: Feripro versions prior to 2.2.3 Description: The issue is related to an Incorrect Access Control vulnerability. It affects the "/admin/benutzer/institution/rechteverwaltung/uebersicht" endpoint, allowing remote attackers to obtain a list of a...