RSS   Vulnerabilities for 'Hrsale'   RSS

2020-11-24
 
CVE-2020-29053

CWE-79
 

 
HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.

 
2020-10-29
 
CVE-2020-27993

CWE-22
 

 
Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.

 


Copyright 2024, cxsecurity.com

 

Back to Top