Vulnerabilities > Vfairs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2020-26679 | Authorization Bypass Through User-Controlled Key vulnerability in Vfairs 3.3 vFairs 3.3 is affected by Insecure Permissions. | 4.3 |
| 2021-05-26 | CVE-2020-26680 | Cross-site Scripting vulnerability in Vfairs 3.3 In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. | 5.4 |