2 matches found
CVE-2018-19794
The CVE-2018-19794 entry describes a Cross-site Scripting (XSS) vulnerability in UiV2Public.index of Internet2 Grouper versions 2.2 and 2.3, allowing remote attackers to inject arbitrary web script or HTML via the code parameter. Affected product is Internet2 Grouper (UiV2Public.index) with the u...
CVE-2025-59714
The CVE-2025-59714 entry concerns Internet2 Grouper. Affected: Grouper versions 5.17.1 up to 5.20.4 (before 5.20.5). Issue: group admins who are not Grouper sysadmins can configure loader jobs, enabling potential unauthorized loader job creation. Root cause: mis-validation/configuration of loader...