Feripro
Monthly
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.