8 matches found
CVE-2017-14715
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter...
Cross site scripting
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter...
CVE-2017-14714
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter...
CVE-2017-14715
CVE-2017-14715 affects EPESI 1.8.2 rev20170830 with a Stored XSS in the Tasks Alerts Title parameter. The CNVD entry confirms a cross-site scripting vulnerability exists and that an attacker can inject arbitrary web script or HTML. No additional technical details (e.g., exploit steps, affected ve...
CVE-2017-14712
Affected product: EPESI 1.8.2 rev20170830. Vulnerability: Stored XSS in the Tasks Phonecall Notes Title parameter. Root cause (per sources): unescaped input in that field allows script injection, enabling arbitrary script execution in the context of the user. Impact: described as cross-site scrip...
CVE-2017-14717
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter...
CVE-2017-14713
Affected product: EPESI 1.8.2 rev20170830. Vulnerability: Stored XSS in the Phonecalls Description parameter. Root cause: input is stored and rendered in a way that allows injection of web script/HTML. Impact in CVSS indicates MEDIUM severity (CVSS-3.0 base 5.4) with user interaction required. No...
CVE-2017-14715
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter...