Vulnerabilities > Cyclos
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-02 | CVE-2021-31673 | Cross-site Scripting vulnerability in Cyclos 4.0.0/4.14.7 A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter. | 6.1 |
2022-05-02 | CVE-2021-31674 | Cross-site Scripting vulnerability in Cyclos 4.0.0/4.14.7 Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant. | 6.1 |