RSS   Podatności dla 'Eramba'   RSS

2020-09-03
 
CVE-2020-25105

CWE-640
 

 
eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities).

 
 
CVE-2020-25104

CWE-79
 

 
eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension.

 
2018-03-09
 
CVE-2018-7997

CWE-79
 

 
Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript.

 
 
CVE-2018-7996

CWE-79
 

 
Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter.

 
 
CVE-2018-7894

CWE-79
 

 
Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advanced_filter parameter (aka the Search Parameter).

 
2018-03-07
 
CVE-2018-7741

CWE-79
 

 
Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI.

 


Copyright 2024, cxsecurity.com

 

Back to Top