RSS   Vulnerabilities for 'Bugfree'   RSS

2014-12-31
 
CVE-2011-5285

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the ActionType parameter to Bug.php, the ReportMode parameter to (2) Report.php or (3) ReportLeft.php, or the PATH_INFO to (4) AdminProjectList.php, (5) AdminGroupList.php, or (6) AdminUserLogList.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top