Vulnerabilities > Hundredplus > 101Eip
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-28 | CVE-2021-32539 | Cross-site Scripting vulnerability in Hundredplus 101Eip 200925 Add event in calendar function in the 101EIP system does not filter special characters in specific fields, which allows remote authenticated users to inject JavaScript and perform a stored XSS attack. | 3.5 |
2021-05-28 | CVE-2021-32540 | Cross-site Scripting vulnerability in Hundredplus 101Eip 200925 Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack. | 3.5 |