3 matches found
CVE-2021-32540
Hundred Plus 101EIP system (cloud-based office platform) contains a stored XSS vulnerability in its bulletin feature due to lack of input filtering of special characters. The issue allows authenticated users to inject JavaScript, leading to stored XSS. Affected component: 101EIP bulletin/announce...
CVE-2021-32540 Hundred Plus 101EIP - Stored XSS-2
Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack...
CVE-2021-32540
Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack...