Sql injection

INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter...

Design/Logic Flaw

INFOR EAM V11.0 Build 201410 has XSS via comment fields...

CVE-2017-7953

INFOR EAM V11.0 Build 201410 has XSS via comment fields...

CVE-2017-7953

INFOR EAM V11.0 Build 201410 has XSS via comment fields...

CVE-2017-7953

INFOR EAM V11.0 Build 201410 has XSS via comment fields...

CVE-2017-7952

INFOR EAM V11.0 Build 201410 contains an SQL injection in search/filter functionality related to the filtervalue parameter. Multiple connected sources (e.g., CVE-2017-7952 records, exploitation writeups, CNVD/PRION entries) describe a vulnerability where user-controlled filtervalue can be crafted...

CVE-2017-7953

CVE-2017-7953 concerns INFOR EAM v11.0 Build 201410, which is affected by a stored cross-site scripting (XSS) vulnerability in the comments feature. The connected sources describe injecting JavaScript into the Comments tab to trigger XSS for any authenticated user who views a comment, enabling po...