2 matches found
CVE-2014-2947
Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter.
CVE-2014-2948
SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request.