eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file.
8AI Score
0.004EPSS
eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks.
7.2AI Score
0.007EPSS