| BDSA-2019-2710 |
|
Low |
Aug 27, 2019 |
Zurmo is vulnerable to an IFrame injection attack. This is a type of cross-site scripting (XSS) that allows a remote attacker to inject IFrames into a
more...
Zurmo is vulnerable to an IFrame injection attack. This is a type of cross-site scripting (XSS) that allows a remote attacker to inject IFrames into a victims browser. This type of vulnerability is typically used to make a vulnerable site or application act as a staging area for further attacks. IFrames can be used to cause a victim to unintentionally download content or execute malicious scripts.
less...
|
|
| BDSA-2019-2709 |
|
Medium |
Aug 27, 2019 |
Zurmo is vulnerable to PHP code injection. This allows a remote attacker to execute PHP code on the server hosting Zurmo. This can be used to upload a
more...
Zurmo is vulnerable to PHP code injection. This allows a remote attacker to execute PHP code on the server hosting Zurmo. This can be used to upload a remote shell that will allow an attacker to gain persistent access to execute code.
less...
|
|
| BDSA-2019-2699 |
|
Medium |
Aug 23, 2019 |
Zurmo is vulnerable to PHP code injection. This allows a remote attacker to execute PHP code on the server hosting Zurmo. This can be used to upload a
more...
Zurmo is vulnerable to PHP code injection. This allows a remote attacker to execute PHP code on the server hosting Zurmo. This can be used to upload a remote shell that will allow an attacker to gain persistent access to execute code.
less...
|
|
| BDSA-2019-2555 |
|
Low |
Aug 12, 2019 |
Zurmo is vulnerable to reflected cross-site scripting (XSS) due to improper validation of user-supplied input. This could allow an attacker to inject a
more...
Zurmo is vulnerable to reflected cross-site scripting (XSS) due to improper validation of user-supplied input. This could allow an attacker to inject arbitrary web scripts and obtain sensitive information such as authentication tokens and user session cookies.
less...
|
|
| BDSA-2019-2554 |
|
Low |
Aug 12, 2019 |
Zurmo is vulnerable to stored cross-site scripting (XSS) due to improper validation of user-supplied input. This could allow an attacker to inject arbi
more...
Zurmo is vulnerable to stored cross-site scripting (XSS) due to improper validation of user-supplied input. This could allow an attacker to inject arbitrary web scripts and obtain sensitive information such as authentication tokens and user session cookies.
less...
|
|
| BDSA-2019-2553 |
|
Low |
Aug 12, 2019 |
Zurmo is vulnerable to reflected cross-site scripting (XSS) due to improper validation of user-supplied input. This could allow an attacker to inject a
more...
Zurmo is vulnerable to reflected cross-site scripting (XSS) due to improper validation of user-supplied input. This could allow an attacker to inject arbitrary web scripts and obtain sensitive information such as authentication tokens and user session cookies.
less...
|
|
