3 matches found
Cross site scripting
An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting XSS via malicious links affecting the search window and activity view window...
PT-2022-12310 · Coins · Coins Construction Cloud
Name of the Vulnerable Software and Affected Versions: COINS Construction Cloud version 11.12 Description: The issue is related to improper input neutralization, making it vulnerable to reflected cross-site scripting XSS via malicious links. This affects the search window and activity view window...
Information disclosure
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information...