4 matches found
CVE-2022-43342
A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...
CVE-2022-43342
CVE-2022-43342 describes a stored cross-site scripting (XSS) vulnerability in Eramba GRC Software version c2.8.1, exploitable via a crafted payload injected into the KPI Title field in the Add function. The CVE notes that attackers can execute arbitrary web scripts or HTML, with the impact limite...
PT-2022-26859 · Unknown · Eramba GRC
Name of the Vulnerable Software and Affected Versions: Eramba GRC Software version c2.8.1
Description: A stored cross-site scripting (XSS) issue in the Add function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. This enables...
CVE-2020-25104
eramba c2.8.1 and Enterprise before e2.19.3 allow XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension...