VYPR

Helloasso

by Helloasso

CVEs (5)

  • CVE-2025-24575MedJan 24, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso HelloAsso helloasso allows Stored XSS.This issue affects HelloAsso: from n/a through <= 1.1.11.

  • CVE-2024-37488MedJul 21, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso HelloAsso helloasso.This issue affects HelloAsso: from n/a through <= 1.1.9.

  • CVE-2024-32697MedApr 22, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.5.

  • CVE-2024-44052MedNov 1, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in HelloAsso HelloAsso helloasso.This issue affects HelloAsso: from n/a through <= 1.1.10.

  • CVE-2024-7605MedSep 5, 2024
    risk 0.21cvss 4.3epss 0.00

    The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contributor-level access and…