Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.
5.9AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.
5.9AI Score
0.002EPSS
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request.
6.8AI Score
0.003EPSS