Alert IDs:
- 73b2c69e-9c64-4d85-883b-25c252a2477e
- 810bafec-11a5-48a0-858c-7d6bc5cd1dd2
- d5b7330c-6bb0-40c0-80c1-5dbb8a6e9496
- f2bf0c6d-10d9-4fd3-b349-6ddb10b8c397
Vulnerabilities in portal
Release: 1.0.125
Total Vulnerabilities: 4
Severity: MEDIUM (Score: 4.3)
Description:
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8267
Alert ID: 73b2c69e-9c64-4d85-883b-25c252a2477e
Severity: CRITICAL (Score: 9.0)
Description:
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-7551
Alert ID: 810bafec-11a5-48a0-858c-7d6bc5cd1dd2
Severity: MEDIUM (Score: 4.3)
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8266
Alert ID: d5b7330c-6bb0-40c0-80c1-5dbb8a6e9496
Severity: MEDIUM (Score: 6.4)
Description:
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8268
Alert ID: f2bf0c6d-10d9-4fd3-b349-6ddb10b8c397
Alert IDs:
Vulnerabilities in portal
Release: 1.0.125
Total Vulnerabilities: 4
1. CVE-2014-8267
Severity: MEDIUM (Score: 4.3)
Description:
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8267
Alert ID: 73b2c69e-9c64-4d85-883b-25c252a2477e
2. CVE-2019-7551
Severity: CRITICAL (Score: 9.0)
Description:
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-7551
Alert ID: 810bafec-11a5-48a0-858c-7d6bc5cd1dd2
3. CVE-2014-8266
Severity: MEDIUM (Score: 4.3)
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8266
Alert ID: d5b7330c-6bb0-40c0-80c1-5dbb8a6e9496
4. CVE-2014-8268
Severity: MEDIUM (Score: 6.4)
Description:
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8268
Alert ID: f2bf0c6d-10d9-4fd3-b349-6ddb10b8c397