RSS   Vulnerabilities for 'Eramba'   RSS

2018-03-09
 
CVE-2018-7997

CWE-79
 

 
Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript.

 
 
CVE-2018-7996

CWE-79
 

 
Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter.

 
 
CVE-2018-7894

CWE-79
 

 
Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advanced_filter parameter (aka the Search Parameter).

 
2018-03-07
 
CVE-2018-7741

CWE-79
 

 
Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI.

 


Copyright 2019, cxsecurity.com

 

Back to Top