EUVD-2020-19060

Malware in sbrugna...

CVE-2020-26517

A cross-site scripting XSS issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project Authn users, using the users import functionality Admin only, and changing the login text in t...

CVE-2020-26517

A cross-site scripting XSS issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project Authn users, using the users import functionality Admin only, and changing the login text in t...

CVE-2020-26515

An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie CBLOGIN issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...

CVE-2020-26517

A cross-site scripting XSS issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project Authn users, using the users import functionality Admin only, and changing the login text in t...

CVE-2020-26516

The CVE-2020-26516 issue affects Intland codeBeamer ALM (versions 10.x through 10.1.SP4). The root cause is missing CSRF tokens in requests that trigger server actions, allowing crafted requests to cause a victim’s browser to perform undesired actions within the web application. The NVD entry lis...

PT-2021-11243 · Intland · Codebeamer Alm

Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4 Description: A cross-site scripting XSS issue was discovered. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project, using the users...

Intland Software codeBeamer ALM 跨站脚本漏洞

Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A security vulnerability exists in Intland that can be exploit...

CVE-2020-26513

An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks...

CVE-2020-26513

An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks...

Xxe

An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks...

CVE-2020-26513

Intland codeBeamer ALM 10.x–10.1.SP4 is affected by an XML External Entity (XXE) vulnerability in the ReqIF XML data import path. The issue arises because ReqIF data is parsed by insecurely configured components, enabling XXE attacks (as described in PT-2020-16433 and corroborated by CVE-2020-265...

CVE-2019-19913

In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter...

CVE-2019-19912

In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting XSS vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file...

Cross site scripting

In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting XSS vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file...

CVE-2019-19912

Intland codeBeamer ALM

CVE-2019-19913

Intland codeBeamer ALM 9.5 and earlier is affected by a stored XSS vulnerability in the Trackers Title parameter. The root cause is improper handling/validation of this input, allowing injected scripts to execute in the context of the vulnerable page. Affected software: codeBeamer ALM 9.5 and ear...