Epesi Security Vulnerabilities and Issues — Epesi CVE List

Lucene search

EpesiEpesi

11 matches found

CVE•added 2017/06/14 9:29 p.m.•43 views

CVE-2017-9621

Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter.

6.1CVSS6AI score0.00283EPSS

CVE•added 2017/03/05 8:59 p.m.•39 views

CVE-2017-6489

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could execute arbitrary HTML an...

6.1CVSS6AI score0.00211EPSS

CVE•added 2017/06/01 5:29 a.m.•39 views

CVE-2017-9331

The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter.

5.4CVSS5.3AI score0.0016EPSS

CVE•added 2017/03/05 8:59 p.m.•36 views

CVE-2017-6491

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and sc...

6.1CVSS6AI score0.00211EPSS

CVE•added 2017/06/02 5:29 a.m.•36 views

CVE-2017-9366

Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.

4.8CVSS5AI score0.00183EPSS

CVE•added 2017/03/05 8:59 p.m.•35 views

CVE-2017-6488

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/save_filters.php URL. An attacker could execute arbitrary HT...

6.1CVSS6AI score0.00211EPSS

CVE•added 2017/03/05 8:59 p.m.•35 views

CVE-2017-6490

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An attacker could execute ...

6.1CVSS6AI score0.00211EPSS

CVE•added 2017/06/14 9:29 p.m.•35 views

CVE-2017-9622

Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data.

6.1CVSS6AI score0.00222EPSS

CVE•added 2017/03/05 8:59 p.m.•34 views

CVE-2017-6487

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the "EPESI-master/modules/Utils/RecordBrowser/favorites.php" URL. An attacker could execute arbitrary ...

6.1CVSS6AI score0.00211EPSS

CVE•added 2017/06/14 9:29 p.m.•32 views

CVE-2017-9623

Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data.

6.1CVSS6AI score0.00222EPSS

CVE•added 2017/06/14 9:29 p.m.•31 views

CVE-2017-9624

Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data.

6.1CVSS6AI score0.00222EPSS