VYPR
Vendor

Alfio Event

Products: 1
CVEs: 13
Across products: 13
Status: Private

Recent CVEs (13)

  • CVE-2026-35482 | High | Jun 2, 2026
    risk 0.52 | cvss 8.0 | epss 0.00

    alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system…

  • CVE-2026-41412 | Medium | Jun 2, 2026
    risk 0.32 | cvss 4.9 | epss 0.00

    alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client (`simpleHttpClient`) into every extension script's scope. The…

  • CVE-2024-45300 | Sep 6, 2024
    risk 0.00 | cvss - | epss 0.00

    alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event…

  • CVE-2024-45299 | Sep 6, 2024
    risk 0.00 | cvss - | epss 0.01

    alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, the preloaded JSON data is not escaped correctly; the administrator / event admin could break their own install by inserting non correctly escaped…

  • CVE-2024-25634 | Feb 19, 2024
    risk 0.00 | cvss - | epss 0.01

    alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue.

  • CVE-2024-25635 | Feb 19, 2024
    risk 0.00 | cvss - | epss 0.01

    alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26.128:8080/admin/api/users/<user_id>` endpoint, which exposes the details of the…

  • CVE-2024-25627 | Feb 16, 2024
    risk 0.00 | cvss - | epss 0.00

    Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist…

  • CVE-2024-25628 | Feb 16, 2024
    risk 0.00 | cvss - | epss 0.00

    Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known…

  • CVE-2023-2258 | Apr 24, 2023
    risk 0.00 | cvss - | epss 0.01

    Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.

  • CVE-2023-2259 | Apr 24, 2023
    risk 0.00 | cvss - | epss 0.01

    Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.

  • CVE-2023-2260 | Apr 24, 2023
    risk 0.00 | cvss - | epss 0.01

    Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.

  • CVE-2023-0300 | Jan 14, 2023
    risk 0.00 | cvss - | epss 0.00

    Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301.

  • CVE-2023-0301 | Jan 14, 2023
    risk 0.00 | cvss - | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301.