2 matches found
CVE-2025-40639
CVE-2025-40639 — Eventobot SQL injection is confirmed by connected sources. The vulnerability affects Eventobot and is exploitable via the promo_send parameter in the /assets/php/calculate_discount.php endpoint. The underlying issue allows an attacker to perform SQL operations including retrieve,...
CVE-2025-40638
CVE-2025-40638 is a reported reflected Cross-Site Scripting (XSS) in Eventobot. Multiple sources (NVD, Red Hat, EU ENISA, CVE List, Attackerkb, vuln enrichment) describe exploitation via a malicious URL that uses the name parameter in /search-results to execute JavaScript in the victim’s browser,...