CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 3CVE-2021-26723 – Jenzabar 9.2.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-26723
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. Jenzabar versiones 9.2.x hasta 9.2.2, permite un ataque de tipo XSS de /ics?tool=search&query= Jenzabar version 9.2.2 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/161303/Jenzabar-9.2.2-Cross-Site-Scripting.html https://gist.github.com/Y0ung-DST/d1b6b65be6248b0ffc2b2f2120deb205 https://jenzabar.com/blog https://y0ungdst.medium.com/xss-in-jenzabar-cve-2021-26723-a0749231328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16778
https://notcve.org/view.php?id=CVE-2018-16778
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field). Una vulnerabilidad Cross-Site Scripting (XSS) en Jenzabar, desde la versión v8.2.1 hasta la 9.2.0, permite que atacantes remotos inyecten scripts web o HTML mediante el parámetro query (también conocido como campo de búsqueda). • https://metamorfosec.com/Files/Advisories/METS-2018-004-A_XSS_Vulnerability_in_Jenzabar_8.2.1_to_9.2.0.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •