2 matches found
CVE-2016-7840
CVE-2016-7840 is a Cross-site Scripting (XSS) vulnerability in WEB SCHEDULE (Olive Design). The issue arises from a flaw in processing the month parameter, allowing remote actors to inject arbitrary web script or HTML. Documented references (JVN entries) describe CWE-79 and indicate impact on the...
CVE-2016-7839
Olive Blog (affected product) is vulnerable to cross-site scripting via the search parameter due to a flaw in processing that parameter. The vulnerability allows an arbitrary script to run in the user’s browser. There is no publicly documented patch in the provided sources; remediation guidance f...