CVE-2021-4257

The CVE-2021-4257 entry concerns ctrlo lenio. The vulnerability is in the Task Handler’s views/task.tt, where manipulating the argument path site.org.name/check.name/task.tasktype.name/task.name enables cross-site scripting. A remote attacker could exploit this, with impact limited to client-side...

CVE-2021-4254

CVE-2021-4254 affects ctrlo lenio, specifically the Notice Handler’s file views/layouts/main.tt. The vulnerability arises from manipulation of the argument notice.notice.text, enabling cross-site scripting (XSS). The issue can be exploited remotely and is tied to an unknown functionality within t...

CVE-2021-4256

CVE-2021-4256 affects the ctrlo lenio project, originating from an issue in the file views/index.tt. Attacker-controlled parameters task.name and task.site.org.name can be manipulated to trigger cross-site scripting. The vulnerability is exploitable remotely. A patch is identified by the hash e16...

CVE-2021-4253

The CVE-2021-4253 entry concerns the ctrlo lenio project, specifically the Ticket Handler component’s library lib/Lenio.pm. The vulnerability arises from an issue in the function handling the site_id parameter, leading to cross-site scripting that can be triggered remotely. Affected versions and ...

CVE-2021-4255

CVE-2021-4255 affects ctrlo lenio. The vulnerability lies in an unknown functionality of views/contractor.tt where manipulating the contractor.name parameter leads to cross-site scripting. Exploitation is described as potentially remote. A patch identifier is provided (e1646d5cd0a2fbab9eb505196dd...