2 matches found
CVE-2021-32539
The CVE-2021-32539 entry describes stored XSS in the 101EIP calendar add-event feature due to insufficient filtering of special characters in specific fields. Exploitation context is remote authenticated access; impact is the ability to inject JavaScript and trigger stored XSS after authenticatio...
CVE-2021-32540
Hundred Plus 101EIP system (cloud-based office platform) contains a stored XSS vulnerability in its bulletin feature due to lack of input filtering of special characters. The issue allows authenticated users to inject JavaScript, leading to stored XSS. Affected component: 101EIP bulletin/announce...