Skip to main content

Vfairs

4 CVEs product

Monthly

CVE-2020-26680 MEDIUM This Month

In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vfairs
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-26679 MEDIUM This Month

vFairs 3.3 is affected by Insecure Permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Authentication Bypass PHP Vfairs
NVD VulDB
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-26678 HIGH This Week

vFairs 3.3 is affected by Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Vfairs
NVD VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-26677 HIGH This Week

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Vfairs
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
EPSS 0% CVSS 5.4
MEDIUM This Month

In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vfairs
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM This Month

vFairs 3.3 is affected by Insecure Permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Authentication Bypass PHP +1
NVD VulDB
EPSS 2% CVSS 8.8
HIGH This Week

vFairs 3.3 is affected by Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Vfairs
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy