2 matches found
CVE-2014-8267
CVE-2014-8267 is a reflected XSS vulnerability affecting QPR Portal 2014.1.1 and earlier, exploitable via the RID parameter. The issue, confirmed across multiple sources (NVD entry and CERT advisory), allows remote attackers to inject arbitrary script/HTML in the victim’s browser. The risk is des...
QPR Portal contains multiple vulnerabilities
Overview QPR Portal versions 2014.1.1 and older contain reflected and stored cross-site scripting vulnerabilities, and versions 2012.2.0 and older contain an insecure direct object reference vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site...