151 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data...
CVE-2017-9622
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data...
CVE-2017-9621
Cross-site scripting XSS vulnerability in modules/Base/Lang/Administrator/updatetranslation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 original or 2 new parameter...
CVE-2017-9624
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data...
CVE-2017-9624
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data...
CVE-2017-9621
Cross-site scripting XSS vulnerability in modules/Base/Lang/Administrator/updatetranslation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 original or 2 new parameter...
CVE-2017-9623
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data...
CVE-2017-9622
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data...
CVE-2017-9624
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data...
CVE-2017-9623
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data...
CVE-2017-9622
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data...
CVE-2017-9621
Cross-site scripting XSS vulnerability in modules/Base/Lang/Administrator/updatetranslation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 original or 2 new parameter...
CVE-2017-9623
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data...
CVE-2017-9624
Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data...
CVE-2017-9624
CVE-2017-9624 affects Telaxus EPESI 1.8.2 and earlier, with multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data. Public references consistently describe XSS in EPESI and point toward prior ve...
CVE-2017-9623
Telaxus EPESI is affected by multiple XSS vulnerabilities in version 1.8.2 and earlier, exploitable via crafted country data. The issue is the ability for remote attackers to inject arbitrary web script or HTML into the user’s browser. OpenVAS indicates a fix in EPESI
CVE-2017-9622
Telaxus/EPESI is affected by multiple XSS vulnerabilities in version 1.8.2 and earlier, allowing remote attackers to inject arbitrary web script or HTML via crafted data. The OpenVAS entry corroborates XSS across multiple parameters. Exploitation would occur in the web interface; no in-wild explo...
CVE-2017-9621
EPESI (Telaxus) 1.8.2 and earlier contains a Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php, exploitable via the original or new parameter. Affected component is the update_translation.php translation update logic; root cause is unsanitized user...
Telaxus EPESI cross-site scripting vulnerability (CNVD-2017-11057)
Telaxus EPESI is a Polish company Telaxus open source customer relationship management system based on PHP/Ajax framework CRM. The system provides schedule management , multi-user address book , proxy matters and other functions . A cross-site scripting vulnerability exists in the...