Eventobot: Malicious URLs Can Steal User Data or Take Control

CVE-2025-40638
Summary

A security issue in Eventobot lets attackers craft URLs that run the attacker's JavaScript in a user's browser when the user clicks them. The script can steal the user's private information or take actions without their permission. To protect yourself, update Eventobot to the latest version or use a security tool to block malicious URLs.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
sbitsoft | eventobot | All versions | –
Original title
A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a mal...
Original description
A reflected Cross-Site Scripting (XSS) vulnerability has been
found in Eventobot. This vulnerability allows an attacker to execute
JavaScript code in the victim's browser by sending him/her a malicious
URL using the 'name' parameter in '/search-results'. This vulnerability
can be exploited to steal sensitive user data, such as session cookies,
or to perform actions on behalf of the user.
NVD CVSS 4.0 score: 5.1
Vulnerability type
CWE-79 Cross-site Scripting (XSS)
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026
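
An added example, not part of the advisory or of Eventobot's code: a log check that flags requests to '/search-results' whose 'name' parameter decodes to HTML markup, the pattern the original description names. The combined log format, the sample lines and the character heuristic are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Heuristic chosen for this example: characters and tokens needed to break out
# of HTML text or attribute context, which a plain search term rarely contains.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_name_values(log_line):
    """Return decoded 'name' values on /search-results that look like markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if url.path.rstrip("/") != "/search-results":
        return []
    values = parse_qs(url.query, keep_blank_values=True).get("name", [])
    return [v for v in map(decode_fully, values) if SUSPICIOUS.search(v)]

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Mar/2026:10:00:01 +0000] "GET /search-results?name=summer+gala HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Mar/2026:10:00:07 +0000] "GET /search-results?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5342',
    '203.0.113.9 - - [09/Mar/2026:10:00:09 +0000] "GET /search-results?name=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5201',
    '203.0.113.7 - - [09/Mar/2026:10:00:12 +0000] "GET /events?name=%3Cb%3E HTTP/1.1" 200 900',
]

def scan(lines):
    """Map line index -> flagged 'name' values for every line with a hit."""
    hits = {}
    for index, line in enumerate(lines):
        found = suspicious_name_values(line)
        if found:
            hits[index] = found
    return hits

if __name__ == "__main__":
    for index, values in scan(SAMPLE_LOG).items():
        print(index, values)
```

The heuristic is deliberately strict, so a legitimate search containing an apostrophe is also flagged; treat hits as leads to review rather than confirmed attempts.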