πŸ” CVE Alert

CVE-2025-40638

UNKNOWN 0.0

Reflected Cross-Site Scripting (XSS) in Eventobot

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

CWE CWE-79
Vendor eventobot
Product eventobot
Published Mar 9, 2026
Last Updated Mar 9, 2026
Stay Ahead of the Next One

Get instant alerts for eventobot eventobot

Be the first to know when new unknown vulnerabilities affecting eventobot eventobot are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

EVENTOBOT / Eventobot
all versions

References

NVD β†— CVE.org β†— EPSS Data β†—
incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-eventobot

Credits

Gonzalo Aguilar GarcΓ­a (6h4ack)