Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action.
CPE | Name | Operator | Version |
---|---|---|---|
tornado_knowledge_retrieval_system | le | 4.2 |