151 matches found
CVE-2017-6489
EPESI ≤ 1.8.1.1 contains multiple Cross-Site Scripting (XSS) flaws due to insufficient sanitization of user-supplied data (element, state, cat, id, cid) passed to the Subscribe endpoint. The identified vulnerable component is EPESI-master/modules/Utils/Watchdog/subscribe.php, which can process un...
CVE-2017-6491
CVE-2017-6491 concerns EPESI 1.8.1.1. The vulnerability stems from multiple XSS issues caused by insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. Exploitation could allow an attacker to inject and execute...
EPESI CRM 1.5.5 Cross Site Scripting
============================================================== Title ...| EPESI CRM vulnerable to persistent XSS Version .| epesi-1.5.5-20140113.zip Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| http://epe.si/download ==============================================================...
GroupWare epesiBIM 1.2.1 - Multiple Web Vulnerabilities
Document Title: =============== GroupWare epesiBIM 1.2.1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=501 Release Date: ============= 2012-04-09 Vulnerability Laboratory ID VL-ID: ==================================== 501...
Multiple vulnerabilities in epesi BIM
Vulnerability ID: HTB23061 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinepesibim.html Product: epesi BIM Vendor: Telaxus LLC http://www.epesibim.com/ Vulnerable Version: 1.2.0-rev8154 and probably prior Tested Version: 1.2.0-rev8154 Vendor Notification: 30 November 2011...
epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities
epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/51149/info epesi BIM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execu...
epesi BIM 1.2.0-rev8154 Cross Site Scripting
Vulnerability ID: HTB23061 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinepesibim.html Product: epesi BIM Vendor: Telaxus LLC http://www.epesibim.com/ Vulnerable Version: 1.2.0-rev8154 and probably prior Tested Version: 1.2.0-rev8154 Vendor Notification: 30 November 2011...
epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/51149/info epesi BIM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
Cross-site Scripting (XSS) Vulnerabilities in epesi BIM
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in epesi BIM which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in epesi BIM 1.1 The vulnerability exists due to input sanitation error in the "diratual"...
CVE-2007-4026
CVE-2007-4026 affects the Epesi framework prior to 0.8.6. The issue: improper verification of file extensions during the gallery images upload feature, enabling remote attackers to upload and execute arbitrary PHP code via unspecified vectors. Documents do not provide explicit exploit steps or af...
CVE-2007-4026
epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information...