111 matches found
CVE-2026-42197
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...
CVE-2026-42197
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...
EUVD-2026-32627
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...
CVE-2026-42197
CVE-2026-42197 affects RELATE, a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 are vulnerable to a stored XSS via an unprivileged user profile. The vulnerability arises in the get_user() method of ParticipationAdmin, which renders user-controlled ...
CVE-2026-42197
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...
CVE-2026-42197 RELATE Vulnerable to Stored XSS via Unprivileged User Profile
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...
RELATE 跨站脚本漏洞
RELATE is a web-based course package developed by Andreas Klöckner. RELATE has a cross-site scripting vulnerability. This vulnerability stems from the getuser method in ParticipationAdmin, which uses marksafe for rendering user-controlled inputs, bypassing Django’s HTML escaping. This may lead to...
Playnance Introduces Participation-First Model for Social Gaming with New Protocol Launch
Playnance launches social gaming protocol powered by GCOIN, enabling user participation in ecosystem value, transparency, and shared digital growth...
CVE-2026-30927
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
CVE-2026-30927
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
Admidio 安全漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.6 contained security vulnerabilities. These vulnerabilities...
CVE-2026-30927
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
EUVD-2026-10439
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
CVE-2026-30927 Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
CVE-2026-30927 Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
CVE-2026-30927 Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
CVE-2026-30927
CVE-2026-30927 affects Admidio (open-source user management). Prior to 5.0.6, the event participation logic in modules/events/events_function.php allowed any user who can participate in an event to register or cancel participation for OTHER users by manipulating the user_uuid GET parameter. The c...
GHSA-7PFV-HR63-H7CW Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
Vulnerability In modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. Line 47: $getUserUuid = admFuncVariableIsValid$GET, 'useruuid', 'uuid', ... Line 424: if...
Authorization Bypass Through User-Controlled Key
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the useruuid parameter in the event participation process. An attacker can...
Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
Vulnerability In modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. Line 47: $getUserUuid = admFuncVariableIsValid$GET, 'useruuid', 'uuid', ... Line 424: if...