NotCVE - vendor:"Horizon Project" product:"Horizon"

2 results (0.007 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-125078 – yanheven console horizon.instances.js cross site scripting

https://notcve.org/view.php?id=CVE-2014-125078

15 Jan 2023 — A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The patch is identified as 32a7b713468161282f2ea01d5e2faff980d924cd. • https://github.com/yanheven/console/commit/32a7b713468161282f2ea01d5e2faff980d924cd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 3

CVE-2013-7138 – Horizon QCMS 4.0 SQL Injection / Directory Traversal

https://notcve.org/view.php?id=CVE-2013-7138

08 Jan 2014 — Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter. Vulnerabilidad de recorrido de directorios en lib/functions/d-load.php de Horizon Quick Content Management System (QCMS) 4.0 y anteriores permite a atacantes remotos leer archivos de forma arbitraria a través de un .. (punto punto) en el parámetro start. Horizon QCMS version 4.0 suffers from ... • https://packetstorm.news/files/id/124725 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •