Alert IDs:
- 77682c9c-06f8-4829-a967-2c29deb3e430
- d76660b5-1546-48b2-ba30-feb1e9187a87
- e4ca68e3-bacd-495c-b698-e4b33173251e
- ed79f46f-d4b0-4660-afa9-b369d4146020
Vulnerabilities in portal
Release: March19 release 2
Total Vulnerabilities: 4
Severity: MEDIUM (Score: 6.4)
Description:
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8268
Alert ID: 77682c9c-06f8-4829-a967-2c29deb3e430
Severity: MEDIUM (Score: 4.3)
Description:
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8267
Alert ID: d76660b5-1546-48b2-ba30-feb1e9187a87
Severity: CRITICAL (Score: 9.0)
Description:
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-7551
Alert ID: e4ca68e3-bacd-495c-b698-e4b33173251e
Severity: MEDIUM (Score: 4.3)
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8266
Alert ID: ed79f46f-d4b0-4660-afa9-b369d4146020
Alert IDs:
Vulnerabilities in portal
Release: March19 release 2
Total Vulnerabilities: 4
1. CVE-2014-8268
Severity: MEDIUM (Score: 6.4)
Description:
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8268
Alert ID: 77682c9c-06f8-4829-a967-2c29deb3e430
2. CVE-2014-8267
Severity: MEDIUM (Score: 4.3)
Description:
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8267
Alert ID: d76660b5-1546-48b2-ba30-feb1e9187a87
3. CVE-2019-7551
Severity: CRITICAL (Score: 9.0)
Description:
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-7551
Alert ID: e4ca68e3-bacd-495c-b698-e4b33173251e
4. CVE-2014-8266
Severity: MEDIUM (Score: 4.3)
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8266
Alert ID: ed79f46f-d4b0-4660-afa9-b369d4146020