Browse all 3 CVE security advisories affecting engelsystem. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Engelsystem serves as a volunteer management system for events, handling scheduling and coordination. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, primarily stemming from input validation flaws and misconfigurations. The system's web interface has been particularly susceptible to XSS attacks due to insufficient sanitization of user inputs. While no major public security incidents have been widely documented, the three CVEs highlight recurring issues around access control and secure coding practices. Its open-source nature allows for community scrutiny but also means vulnerabilities may be exploited before patches are applied, emphasizing the need for regular security updates and input validation in volunteer management platforms.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-50924 | Stored XSS in Overview and Output fields — engelsystemCWE-79 | 7.3 | High | 2023-12-22 |
| CVE-2023-45152 | Blind Server Side Request Forgery (SSRF) in remote schedule import feature in Engelsystem — engelsystemCWE-918 | 2.0 | Low | 2023-10-16 |
| CVE-2023-45659 | Session is not expiring after password reset in Engelsystem — engelsystemCWE-613 | 3.6 | Low | 2023-10-16 |
This page lists every published CVE security advisory associated with engelsystem. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.