151 matches found
CVE-2017-9366
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Base/Dashboard/Dashboard0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tabname parameter...
Cross site scripting
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Base/Dashboard/Dashboard0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tabname parameter...
CVE-2017-9366
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Base/Dashboard/Dashboard0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tabname parameter...
CVE-2017-9366
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Base/Dashboard/Dashboard0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tabname parameter...
CVE-2017-9366
Telaxus EPESI 1.8.2 and earlier is affected by a Stored XSS in modules/Base/Dashboard/Dashboard_0.php via a crafted tab_name parameter. Affected product: EPESI (Polish open-source CRM) versions up to 1.8.2.1. Root cause: input in tab_name not properly sanitized, enabling injection of arbitrary sc...
Telaxus EPESI Agenda Component Cross-Site Scripting Vulnerability
Telaxus EPESI is a Telaxus Web CRM/ERP application for storing, organizing, accessing, and sharing business records to accurately manage a wide range of data.Agenda component is a Web-based component for managing meeting information. A cross-site scripting vulnerability exists in the...
CVE-2017-9331
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter...
Cross site scripting
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter...
CVE-2017-9331
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter...
CVE-2017-9331
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting XSS vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter...
CVE-2017-9331
CVE-2017-9331 concerns the Telaxus EPESI Agenda component (versions 1.8.2 and earlier). The vulnerability is a Stored XSS in the file modules/Utils/RecordBrowser/RecordBrowserCommon_0.php , enabling a remote attacker to inject arbitrary web script or HTML through a crafted meeting description par...
Telaxus EPESI Cross-Site Scripting Vulnerability
Telaxus EPESI is a Polish company Telaxus open source customer relationship management system based on PHP/Ajax framework CRM. The system provides schedule management , multi-user address book , proxy matters and other functions . Telaxus EPESI 1.8.2 and earlier versions of the module...
CVE-2017-8763
Cross-site scripting XSS vulnerability in modules/Base/Box/checkfornewversion.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter...
CVE-2017-8763
Cross-site scripting XSS vulnerability in modules/Base/Box/checkfornewversion.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in modules/Base/Box/checkfornewversion.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter...
CVE-2017-8763
Cross-site scripting XSS vulnerability in modules/Base/Box/checkfornewversion.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter...
CVE-2017-8763
CVE-2017-8763 affects Telaxus EPESI, specifically versions <= 1.8.2, where an XSS flaw exists in modules/Base/Box/check_for_new_version.php due to a crafted URI lacking the cid parameter. Reported impacts indicate remote injection of arbitrary script/HTML. OpenVAS notes EPESI
Cross site scripting
Multiple Cross-Site Scripting XSS issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data visible, tab, cid passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/savefilters.php URL. An attacker could execute arbitrary HTML...
CVE-2017-6491
Multiple Cross-Site Scripting XSS issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data tooltipid, callback, args, cid passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and scrip...
CVE-2017-6487
Multiple Cross-Site Scripting XSS issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data state, element, id, tab, cid passed to the "EPESI-master/modules/Utils/RecordBrowser/favorites.php" URL. An attacker could execute arbitrary HT...