4 results (0.003 seconds)

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code. PTC Codebeamer es vulnerable a una vulnerabilidad de cross site scripting que podría permitir a un atacante inyectar y ejecutar código malicioso. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields. codeBeamer versiones anteriores a 9.5.0-RC3, no restringe apropiadamente la capacidad de ejecutar código Java personalizado y acceder al cargador de clases Java por medio de campos calculados. • https://codebeamer.com/cb/wiki/7372223 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter. En Intland codeBeamer ALM versiones 9.5 y anteriores, presenta una vulnerabilidad de tipo XSS almacenado por medio del parámetro Trackers Title. codeBeamer versions 9.5 and below suffer from multiple persistent cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2020/Apr/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file. En Intland codeBeamer ALM versiones 9.5 y anteriores, una vulnerabilidad de tipo cross-site scripting (XSS) en la funcionalidad Upload Flash File permite a atacantes remotos autenticados inyectar scripts arbitrarios por medio de un script activo insertado en un archivo SWF. codeBeamer versions 9.5 and below suffer from multiple persistent cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •