2 matches found
CVE-2014-8266
CVE-2014-8266 is an XSS vulnerability in QPR Portal 2014.1.1 and earlier, affecting the note-creation page: attacker-supplied input in the title or body can inject script/HTML. The NVD entry describes multiple XSS vectors with a base CVSS v2 score of 4.3 (MEDIUM) and no data for exploitation stat...
QPR Portal contains multiple vulnerabilities
Overview QPR Portal versions 2014.1.1 and older contain reflected and stored cross-site scripting vulnerabilities, and versions 2012.2.0 and older contain an insecure direct object reference vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site...