5 matches found
EUVD-2019-10708
Malware in sbrugna...
CVE-2019-20153
An issue was discovered in Determine formerly Selectica Contract Lifecycle Management CLM in v5.4. An XML external entity XXE vulnerability in the upload definition feature in definitionuploadattach.jsp allows authenticated remote attackers to read arbitrary files including configuration files...
Code injection
An issue was discovered in reportedit.jsp in Determine formerly Selectica Contract Lifecycle Management CLM v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server...
Cross site scripting
An issue was discovered in Determine formerly Selectica Contract Lifecycle Management CLM v5.4. A cross-site scripting XSS vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML...
Determine Contract Lifecycle Management Cross-Site Scripting Vulnerability
Determine Contract Lifecycle Management CLM is a suite of enterprise contract lifecycle management solutions from Determine Corporation. A cross-site scripting vulnerability exists in the getchart.jsp file in Determine CLM version 5.4, which stems from the lack of proper validation of client-side...