2 matches found
CVE-2019-11643
The CVE-2019-11643 issue affects the OneShield Policy (Dragon Core) framework prior to 5.1.10. It is a persistent Cross‑Site Scripting (XSS) vulnerability where malicious JavaScript can be injected into textboxes of type string and stored in the data store, enabling remote exploitation by both au...
CVE-2019-11642
CVE-2019-11642 describes a log-poisoning vulnerability in the OneShield Policy (Dragon Core) framework prior to 5.1.10. Authenticated remote adversaries can inject malicious payloads into log data via headers or form elements; the payloads are then executed through a client-side debugging console...