RSS   Podatności dla 'Coins construction cloud'   RSS

2022-04-14
 
CVE-2021-45227

CWE-79
 

 
An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack.

 
 
CVE-2021-45228

CWE-79
 

 
An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user.

 

 >>> Vendor: Coins-global 2 Produkty
Construction cloud
Coins construction cloud


Copyright 2024, cxsecurity.com

 

Back to Top