Lucene search
+L

151 matches found

nvd
nvd
added 2017/06/02 5:29 a.m.14 views

CVE-2017-9366

Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Base/Dashboard/Dashboard0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tabname parameter...

4.8CVSS4.9AI score0.00668EPSS
Exploits1References2
prion
prion
added 2017/06/02 5:29 a.m.13 views

Cross site scripting

Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Base/Dashboard/Dashboard0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tabname parameter...

3.5CVSS5.8AI score0.00668EPSS
Exploits1References2Affected Software1
osv
osv
added 2017/06/02 5:29 a.m.12 views

CVE-2017-9366

Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Base/Dashboard/Dashboard0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tabname parameter...

4.8CVSS5.6AI score
Exploits0References2
cvelist
cvelist
added 2017/06/02 5:4 a.m.17 views

CVE-2017-9366

Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Base/Dashboard/Dashboard0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tabname parameter...

5.1AI score0.00668EPSS
Exploits1References2
cve
cve
added 2017/06/02 5:4 a.m.43 views

CVE-2017-9366

Telaxus EPESI 1.8.2 and earlier is affected by a Stored XSS in modules/Base/Dashboard/Dashboard_0.php via a crafted tab_name parameter. Affected product: EPESI (Polish open-source CRM) versions up to 1.8.2.1. Root cause: input in tab_name not properly sanitized, enabling injection of arbitrary sc...

4.8CVSS5AI score0.00668EPSS
Exploits1References2Affected Software1
cnvd
cnvd
added 2017/06/02 12:0 a.m.4 views

Telaxus EPESI Agenda Component Cross-Site Scripting Vulnerability

Telaxus EPESI is a Telaxus Web CRM/ERP application for storing, organizing, accessing, and sharing business records to accurately manage a wide range of data.Agenda component is a Web-based component for managing meeting information. A cross-site scripting vulnerability exists in the...

5.4CVSS6.1AI score0.00664EPSS
Exploits1References1
nvd
nvd
added 2017/06/01 5:29 a.m.14 views

CVE-2017-9331

The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter...

5.4CVSS5.2AI score0.00664EPSS
Exploits1References2
prion
prion
added 2017/06/01 5:29 a.m.9 views

Cross site scripting

The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter...

3.5CVSS5.8AI score0.00664EPSS
Exploits1References2Affected Software1
osv
osv
added 2017/06/01 5:29 a.m.12 views

CVE-2017-9331

The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter...

5.4CVSS5.6AI score
Exploits0References2
cvelist
cvelist
added 2017/06/01 4:53 a.m.18 views

CVE-2017-9331

The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter...

5.4AI score0.00664EPSS
Exploits1References2
cve
cve
added 2017/06/01 4:53 a.m.49 views

CVE-2017-9331

CVE-2017-9331 concerns the Telaxus EPESI Agenda component (versions 1.8.2 and earlier). The vulnerability is a Stored XSS in the file modules/Utils/RecordBrowser/RecordBrowserCommon_0.php , enabling a remote attacker to inject arbitrary web script or HTML through a crafted meeting description par...

5.4CVSS5.3AI score0.00664EPSS
Exploits1References2Affected Software1
cnvd
cnvd
added 2017/05/05 12:0 a.m.4 views

Telaxus EPESI Cross-Site Scripting Vulnerability

Telaxus EPESI is a Polish company Telaxus open source customer relationship management system based on PHP/Ajax framework CRM. The system provides schedule management , multi-user address book , proxy matters and other functions . Telaxus EPESI 1.8.2 and earlier versions of the module...

6.1CVSS6.1AI score0.00766EPSS
Exploits1References1
nvd
nvd
added 2017/05/04 4:59 a.m.11 views

CVE-2017-8763

Cross-site scripting XSS vulnerability in modules/Base/Box/checkfornewversion.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter...

6.1CVSS6AI score0.00766EPSS
Exploits1References1
osv
osv
added 2017/05/04 4:59 a.m.3 views

CVE-2017-8763

Cross-site scripting XSS vulnerability in modules/Base/Box/checkfornewversion.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter...

6.1CVSS5.9AI score0.00766EPSS
Exploits1References1
prion
prion
added 2017/05/04 4:59 a.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in modules/Base/Box/checkfornewversion.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter...

4.3CVSS5.9AI score0.00766EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2017/05/04 3:55 a.m.19 views

CVE-2017-8763

Cross-site scripting XSS vulnerability in modules/Base/Box/checkfornewversion.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter...

6AI score0.00766EPSS
Exploits1References1
cve
cve
added 2017/05/04 3:55 a.m.45 views

CVE-2017-8763

CVE-2017-8763 affects Telaxus EPESI, specifically versions <= 1.8.2, where an XSS flaw exists in modules/Base/Box/check_for_new_version.php due to a crafted URI lacking the cid parameter. Reported impacts indicate remote injection of arbitrary script/HTML. OpenVAS notes EPESI

6.1CVSS5.9AI score0.00766EPSS
Exploits1References1Affected Software1
prion
prion
added 2017/03/05 8:59 p.m.14 views

Cross site scripting

Multiple Cross-Site Scripting XSS issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data visible, tab, cid passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/savefilters.php URL. An attacker could execute arbitrary HTML...

4.3CVSS6.1AI score0.00785EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2017/03/05 8:59 p.m.15 views

CVE-2017-6491

Multiple Cross-Site Scripting XSS issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data tooltipid, callback, args, cid passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and scrip...

6.1CVSS6.1AI score0.00785EPSS
Exploits1References2
nvd
nvd
added 2017/03/05 8:59 p.m.13 views

CVE-2017-6487

Multiple Cross-Site Scripting XSS issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data state, element, id, tab, cid passed to the "EPESI-master/modules/Utils/RecordBrowser/favorites.php" URL. An attacker could execute arbitrary HT...

6.1CVSS6.1AI score0.00785EPSS
Exploits1References2
Rows per page
Query Builder