8 matches found
Cross site scripting
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter...
CVE-2017-14714
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter...
CVE-2017-14715
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter...
CVE-2017-14715
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter...
CVE-2017-14713
Affected product: EPESI 1.8.2 rev20170830. Vulnerability: Stored XSS in the Phonecalls Description parameter. Root cause: input is stored and rendered in a way that allows injection of web script/HTML. Impact in CVSS indicates MEDIUM severity (CVSS-3.0 base 5.4) with user interaction required. No...
CVE-2017-14717
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter...
CVE-2017-14712
Affected product: EPESI 1.8.2 rev20170830. Vulnerability: Stored XSS in the Tasks Phonecall Notes Title parameter. Root cause (per sources): unescaped input in that field allows script injection, enabling arbitrary script execution in the context of the user. Impact: described as cross-site scrip...
CVE-2017-14715
CVE-2017-14715 affects EPESI 1.8.2 rev20170830 with a Stored XSS in the Tasks Alerts Title parameter. The CNVD entry confirms a cross-site scripting vulnerability exists and that an attacker can inject arbitrary web script or HTML. No additional technical details (e.g., exploit steps, affected ve...