Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Thm Subscribe
Filtered by product Feedbacksystem
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-27485 1 Thm 1 Feedbacksystem 2023-03-14 N/A 4.3 MEDIUM
thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2`and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue.