CVE-2019-17504

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. A reflected Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter...

CVE-2019-17503

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...