6 matches found
EUVD-2021-19386
Malware in sbrugna...
CVE-2021-32539
Add event in calendar function in the 101EIP system does not filter special characters in specific fields, which allows remote authenticated users to inject JavaScript and perform a stored XSS attack...
CVE-2021-32539
Add event in calendar function in the 101EIP system does not filter special characters in specific fields, which allows remote authenticated users to inject JavaScript and perform a stored XSS attack...
Cross site scripting
Add event in calendar function in the 101EIP system does not filter special characters in specific fields, which allows remote authenticated users to inject JavaScript and perform a stored XSS attack...
CVE-2021-32540
Hundred Plus 101EIP system (cloud-based office platform) contains a stored XSS vulnerability in its bulletin feature due to lack of input filtering of special characters. The issue allows authenticated users to inject JavaScript, leading to stored XSS. Affected component: 101EIP bulletin/announce...
CVE-2021-32539
The CVE-2021-32539 entry describes stored XSS in the 101EIP calendar add-event feature due to insufficient filtering of special characters in specific fields. Exploitation context is remote authenticated access; impact is the ability to inject JavaScript and trigger stored XSS after authenticatio...