alfio-event — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting alfio-event. AI-powered Chinese analysis, POCs, and references for each vulnerability.

alfio-event is an open-source event management platform primarily used for conference and workshop organization. Historically, it has been vulnerable to multiple remote code execution (RCE) flaws, cross-site scripting (XSS), and privilege escalation vulnerabilities, with 11 CVEs documented. These issues often stem from insufficient input validation and improper access controls. The platform's security posture has been compromised in incidents where attackers exploited these weaknesses to gain unauthorized system access or execute malicious code. Regular security updates are recommended for users, as past vulnerabilities have demonstrated potential for complete system compromise when unpatched.

Top products by alfio-event: alf.io, alfio-event/alf.io
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41412 | alf.io vulnerable to Arbitrary File Read and Exfil via simpleHttpClient Extension Script | alf.io | CWE-22 | 4.9 | Medium | 2026-06-02 |
| CVE-2026-35482 | alf.io has an Authenticated RCE via Extension Script Sandbox Escape | alf.io | CWE-863 | 8.0 | High | 2026-06-02 |
| CVE-2024-45300 | Bypassing promo code limitations with race conditions | alf.io | CWE-362 | 7.5 | High | 2024-09-06 |
| CVE-2024-45299 | alf.io's preloaded data as json is not escaped correctly | alf.io | CWE-116 | 6.5 | Medium | 2024-09-06 |
| CVE-2024-25634 | IDOR make user can read e-mail log sent by other events | alf.io | CWE-497 | 7.2 | High | 2024-02-19 |
| CVE-2024-25635 | IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS | alf.io | CWE-612 | 8.8 | High | 2024-02-19 |
| CVE-2024-25627 | Cross-Site Scripting (XSS) via File Upload in Alf.io | alf.io | CWE-79 | 3.5 | Low | 2024-02-16 |
| CVE-2024-25628 | Insufficient Session Expiration in alf.io | alf.io | CWE-613 | 7.6 | High | 2024-02-16 |
| CVE-2023-2260 | Authorization Bypass Through User-Controlled Key in alfio-event/alf.io | alfio-event/alf.io | CWE-639 | 6.5 | - | 2023-04-24 |
| CVE-2023-2259 | Improper Neutralization of Special Elements Used in a Template Engine in alfio-event/alf.io | alfio-event/alf.io | CWE-1336 | 7.6 | - | 2023-04-24 |
| CVE-2023-2258 | Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io | alfio-event/alf.io | CWE-1236 | 7.3 | - | 2023-04-24 |
| CVE-2023-0300 | Cross-site Scripting (XSS) - Reflected in alfio-event/alf.io | alfio-event/alf.io | CWE-79 | 6.1 | - | 2023-01-14 |
| CVE-2023-0301 | Cross-site Scripting (XSS) - Stored in alfio-event/alf.io | alfio-event/alf.io | CWE-79 | 5.4 | - | 2023-01-14 |

This page lists every published CVE security advisory associated with alfio-event. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.