2 matches found
CVE-2014-2947
Bizagi BPM Suite (all versions) contains a reflected XSS in Login.aspx exposed via the txtUsername parameter. CVE-2014-2947 affects Bizagi BPM Suite before 10.3, enabling remote attackers to inject arbitrary JavaScript/HTML in the victim’s browser. CERT/ENISA notes the vulnerability as XSS with a...
Bizagi BPM Suite contains multiple vulnerabilities
Overview Bizagi BPM Suite contains a reflected cross-site scripting vulnerability and a SQL injection vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2014-2947According to Open-Sec consultant Mauricio Urizar, all versions...