2 matches found
CVE-2021-31673
A Dom-based Cross-site scripting XSS vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter...
Cyclos 4 PRO 跨站脚本漏洞
Cyclos 4 PRO is a web server. a cross-site scripting vulnerability exists in Cyclos 4 PRO version 4.14.7 and earlier, which stems from a failure to validate user input during error notification. A remote, unauthenticated attacker could execute javascript code via undefine enumeration constants...