This page lists publicly disclosed CVE vulnerabilities affecting mecodia feripro (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-41519 | Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field. | [email protected] | 5.4 | 0.35% | 2024-08-02 | 2026-06-17 |
| CVE-2024-41518 | An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants. | [email protected] | 7.5 | 0.65% | 2024-08-02 | 2026-06-17 |
| CVE-2024-41517 | An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges. | [email protected] | 5.3 | 0.57% | 2024-08-02 | 2026-06-17 |