Vulnerabilidades em alfio-event
13 resultadosCVE-2023-2259CRITICALImproper Neutralization of Special Elements Used in a Template Engine in alfio-event/alf.ioEPSS 1.1%CVE-2023-2258HIGHImproper Neutralization of Formula Elements in a CSV File in alfio-event/alf.ioEPSS 0.9%CVE-2023-2260HIGHAuthorization Bypass Through User-Controlled Key in alfio-event/alf.ioEPSS 0.9%CVE-2024-25634HIGHIDOR make user can read e-mail log sent by other eventsEPSS 0.7%CVE-2024-25635HIGHIDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERSEPSS 0.7%CVE-2024-45299MEDIUMalf.io's preloaded data as json is not escaped correctlyEPSS 0.7%CVE-2023-0300LOWCross-site Scripting (XSS) - Reflected in alfio-event/alf.ioEPSS 0.5%CVE-2023-0301MEDIUMCross-site Scripting (XSS) - Stored in alfio-event/alf.ioEPSS 0.5%CVE-2024-25627LOWCross-Site Scripting (XSS) via File Upload in Alf.ioEPSS 0.4%CVE-2024-45300HIGHBypassing promo code limitations with race conditionsEPSS 0.4%CVE-2024-25628HIGHInsufficient Session Expiration in alf.ioEPSS 0.4%CVE-2026-41412MEDIUMalf.io vulnerable to Arbitrary File Read and Exfil via simpleHttpClient Extension ScriptEPSS 0.3%CVE-2026-35482HIGHalf.io has an Authenticated RCE via Extension Script Sandbox EscapeEPSS 0.2%