VYPR

Feripro

by Feripro

CVEs (3)

  • CVE-2024-41518HigAug 2, 2024
    risk 0.49cvss 7.5epss 0.01

    An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants.

  • CVE-2024-41519MedAug 2, 2024
    risk 0.35cvss 5.4epss 0.00

    Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field.

  • CVE-2024-41517MedAug 2, 2024
    risk 0.34cvss 5.3epss 0.01

    An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges.