2 matches found
CVE-2014-8268
QPR Portal CVE-2014-8268 is an authorization-bypass flaw in which an unauthenticated attacker could modify or delete notes by directly referencing identifiers in versions 2012.0-era and older (not affected in 2012.2.1+). The issue is documented as an authorization bypass via a user-controlled key...
QPR Portal contains multiple vulnerabilities
Overview QPR Portal versions 2014.1.1 and older contain reflected and stored cross-site scripting vulnerabilities, and versions 2012.2.0 and older contain an insecure direct object reference vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site...