← Back

Mecodia

mecodia

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Feripro
feripro
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-41519
1Mecodia
1Feripro
Oct 29, 2024
Aug 2, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field.
CVE-2024-41518
1Mecodia
1Feripro
Sep 3, 2024
Aug 2, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants.
CVE-2024-41517
1Mecodia
1Feripro
Oct 28, 2024
Aug 2, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges.