22 matches found
CVE-2021-31674
Cyclos 4 PRO 4.14.7 and earlier is affected by a DOM/UX-related cross-site scripting vulnerability: it does not validate user input in error information, enabling a remote unauthenticated attacker to execute JavaScript via an undefined enum constant. This issue is documented across multiple sourc...
CVE-2021-31674
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant...