Filtered by vendor Pretalx Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-28459 1 Pretalx 1 Pretalx 2024-11-21 6.5 Medium
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.
CVE-2023-28458 1 Pretalx 1 Pretalx 2024-11-21 4.3 Medium
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.