RSS   Vulnerabilities for 'Portal'   RSS

2015-01-31
 
CVE-2014-8268

CWE-264
 
 
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request.

 
 
CVE-2014-8267

CWE-79
 
 
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.

 
 
CVE-2014-8266

CWE-79
 
 
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.

 

Copyright 2024, cxsecurity.com

 

Back to Top