Alert IDs:
- 3ade6087-17b3-4459-acb4-32ed15b321d2
- 890c3613-26d5-4f0f-9fa9-59002563d113
- c18e0ba1-e3e7-469f-9690-7e0148d35413
- dfa5d167-df81-4848-9586-e7d0e785081c
Vulnerabilities in portal
Release: March19
Total Vulnerabilities: 4
Severity: CRITICAL (Score: 9.0)
Description:
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-7551
Alert ID: 3ade6087-17b3-4459-acb4-32ed15b321d2
Severity: MEDIUM (Score: 4.3)
Description:
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8267
Alert ID: 890c3613-26d5-4f0f-9fa9-59002563d113
Severity: MEDIUM (Score: 6.4)
Description:
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8268
Alert ID: c18e0ba1-e3e7-469f-9690-7e0148d35413
Severity: MEDIUM (Score: 4.3)
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8266
Alert ID: dfa5d167-df81-4848-9586-e7d0e785081c
Alert IDs:
Vulnerabilities in portal
Release: March19
Total Vulnerabilities: 4
1. CVE-2019-7551
Severity: CRITICAL (Score: 9.0)
Description:
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-7551
Alert ID: 3ade6087-17b3-4459-acb4-32ed15b321d2
2. CVE-2014-8267
Severity: MEDIUM (Score: 4.3)
Description:
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8267
Alert ID: 890c3613-26d5-4f0f-9fa9-59002563d113
3. CVE-2014-8268
Severity: MEDIUM (Score: 6.4)
Description:
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8268
Alert ID: c18e0ba1-e3e7-469f-9690-7e0148d35413
4. CVE-2014-8266
Severity: MEDIUM (Score: 4.3)
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-8266
Alert ID: dfa5d167-df81-4848-9586-e7d0e785081c