4 results (0.009 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request. QPR Portal anterior a 2012.2.1 permite a atacantes remotos modificar o eliminar notas a través de una solicitud directa. • http://www.kb.cert.org/vuls/id/546340 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter. Vulnerabilidad de XSS en QPR Portal 2014.1.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro RID. • http://www.kb.cert.org/vuls/id/546340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field. Múltiples vulnerabilidades de XSS en la página de la creación de notas en QPR Portal 2014.1.1 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del campo (1) title o (2) body. • http://www.kb.cert.org/vuls/id/546340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en c/portal/login en Liferay Portal 4.1.0 y 4.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro login. NOTA: Este asunto segun se informa existe debido a una regresión de la que siguió una corrección en una fecha no especificada anteriormente. • https://www.exploit-db.com/exploits/30774 http://osvdb.org/38702 http://secunia.com/advisories/27537 http://secunia.com/advisories/34714 http://securityreason.com/securityalert/3379 http://www.procheckup.com/Vulnerability_PR07-02.php http://www.securityfocus.com/archive/1/483777/100/0/threaded http://www.securityfocus.com/bid/26470 http://www.securitytracker.com/id?1022063 http://www.vupen.com/english/advisories/2009/1048 https://exchange.xforce.ibmcloud.com/vulnerabilities/38503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •