Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field.
[
{
"cpes": [
"cpe:2.3:a:bonitasoft:bonita_web:*:*:*:*:*:*:*:*"
],
"vendor": "bonitasoft",
"product": "bonita_web",
"versions": [
{
"status": "affected",
"version": "7.14",
"lessThan": "9.0.2",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.14",
"lessThan": "8.0.3",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.14",
"lessThan": "7.15.7",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.14",
"lessThan": "7.14.8",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]