CVE-2019-25316
- EPSS 0.03%
- Veröffentlicht 11.02.2026 14:56:54
- Zuletzt bearbeitet 11.02.2026 15:27:26
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requ...
CVE-2020-37018
- EPSS 0.04%
- Veröffentlicht 29.01.2026 14:28:33
- Zuletzt bearbeitet 29.01.2026 16:31:00
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrat...
CVE-2021-43176
- EPSS 0.62%
- Veröffentlicht 07.12.2021 18:15:07
- Zuletzt bearbeitet 21.11.2024 06:28:46
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do n...
CVE-2021-43175
- EPSS 0.36%
- Veröffentlicht 07.12.2021 18:15:06
- Zuletzt bearbeitet 21.11.2024 06:28:46
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial valid...