Filtered by vendor Mecodia Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-41519 1 Mecodia 1 Feripro 2024-10-30 5.4 Medium
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field.
CVE-2024-41517 1 Mecodia 1 Feripro 2024-10-29 5.3 Medium
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges.
CVE-2024-41518 2 Feripro, Mecodia 2 Feripro, Feripro 2024-09-03 7.5 High
An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants.