17 matches found
EUVD-2014-8107
Malware in sbrugna...
EUVD-2014-8108
Malware in sbrugna...
EUVD-2014-8109
Malware in sbrugna...
CVE-2014-8268
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request...
CVE-2014-8267
Cross-site scripting XSS vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter...
CVE-2014-8266
Multiple cross-site scripting XSS vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 title or 2 body field...
Cross site scripting
Cross-site scripting XSS vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter...
Server side request forgery (ssrf)
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request...
CVE-2014-8266
Multiple cross-site scripting XSS vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 title or 2 body field...
CVE-2014-8267
Cross-site scripting XSS vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter...
CVE-2014-8266
CVE-2014-8266 is an XSS vulnerability in QPR Portal 2014.1.1 and earlier, affecting the note-creation page: attacker-supplied input in the title or body can inject script/HTML. The NVD entry describes multiple XSS vectors with a base CVSS v2 score of 4.3 (MEDIUM) and no data for exploitation stat...
CVE-2014-8268
QPR Portal CVE-2014-8268 is an authorization-bypass flaw in which an unauthenticated attacker could modify or delete notes by directly referencing identifiers in versions 2012.0-era and older (not affected in 2012.2.1+). The issue is documented as an authorization bypass via a user-controlled key...
CVE-2014-8267
CVE-2014-8267 is a reflected XSS vulnerability affecting QPR Portal 2014.1.1 and earlier, exploitable via the RID parameter. The issue, confirmed across multiple sources (NVD entry and CERT advisory), allows remote attackers to inject arbitrary script/HTML in the victim’s browser. The risk is des...
CVE-2014-8268
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request...
QPR Portal HTML Injection Vulnerability
QPR Software Suite is a suite of business management and performance management products from the Finnish company QPR Software.QPR Portal is one of the portal products that provides features such as full-screen mode to introduce integrated navigation options, copy schematic location links and ope...
QPR Portal Authentication Bypass Vulnerability
QPR Software Suite is a suite of business management and performance management products from the Finnish company QPR Software.QPR Portal is one of the portal products that provides features such as full-screen mode to introduce integrated navigation options, copy schematic location links and ope...
QPR Portal contains multiple vulnerabilities
Overview QPR Portal versions 2014.1.1 and older contain reflected and stored cross-site scripting vulnerabilities, and versions 2012.2.0 and older contain an insecure direct object reference vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site...