CNNVD-202507-1350 Information

CNNVD ID

CNNVD-202507-1350

Related CVE

CVE-2021-27961

• CNNVD Published: 2025-07-09

Description (Chinese)

Evasys是德国Evasys公司的一个为在线、纸质和混合用途提供全自动调查和考试解决方案的平台。 Evasys 7.1 (2152)至8.0 (2202)版本存在安全漏洞，该漏洞源于indexeva.php action参数容易受到反射型跨站脚本攻击。

Description (English)

Evasys is a platform provided by Evasys, Germany, to provide fully automated survey and examination solutions for online, paper and hybrid uses. Security loopholes exist in the versions of Evasys 7.1 (2152) to 8.0 (2202), which stem from the vulnerability of the reflection-type cross-station script to the parameters of indexeva.php action.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

EveHome

Published

2025-07-09

Last Modified

2026-02-24

References

https://evasys.de/en/blog/ https://gist.github.com/phlmox/c24bf28f12fbc0f2ea73dd9e8cfa94e3 https://access.redhat.com/security/cve/cve-2021-27961

Patch

https://evasys.de/en/blog/