Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version...
9.8 CVSS
9.4 AI Score
0.002 EPSS
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page...
6.1 CVSS
5.9 AI Score
0.001 EPSS
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues...
6.1 CVSS
5.9 AI Score
0.001 EPSS
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name...
6.1 CVSS
5.9 AI Score
0.001 EPSS
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values...
6.1 CVSS
5.9 AI Score
0.001 EPSS
6.1 CVSS
5.9 AI Score
0.001 EPSS
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin...
8.8 CVSS
8.6 AI Score
0.001 EPSS
An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page...
6.1 CVSS
6.2 AI Score
0.001 EPSS
An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix...
6.1 CVSS
5.9 AI Score
0.001 EPSS
6.1 CVSS
6.2 AI Score
0.001 EPSS
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname...
8.1 CVSS
8.2 AI Score
0.006 EPSS
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to...
7.5 CVSS
7.6 AI Score
0.02 EPSS
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to...
6 AI Score
0.014 EPSS
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6).....
8.9 AI Score
0.009 EPSS