Vulnerabilities > Qdpm

DATE CVE VULNERABILITY TITLE RISK
2019-05-14 CVE-2019-8391 Cross-site Scripting vulnerability in Qdpm 9.1
qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter.
network
low complexity
qdpm CWE-79
6.1
2019-05-14 CVE-2019-8390 Cross-site Scripting vulnerability in Qdpm 9.1
qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.
network
low complexity
qdpm CWE-79
6.1
2017-03-17 CVE-2015-3884 Unrestricted Upload of File with Dangerous Type vulnerability in Qdpm 8.3/9.0/9.1
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/.
network
low complexity
qdpm CWE-434
8.8
2017-03-17 CVE-2015-3883 Cross-site Scripting vulnerability in Qdpm 8.3
Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task name on index.php/tasks; (5) ticket name on index.php/tickets; (6) discussion name on index.php/discussions; (7) report name on index.php/projectReports; or (8) event name on index.php/scheduler/personal.
network
low complexity
qdpm CWE-79
6.1
2017-03-17 CVE-2015-3882 Information Exposure vulnerability in Qdpm 8.3
qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message.
network
low complexity
qdpm CWE-200
5.3
2017-03-17 CVE-2015-3881 Information Exposure vulnerability in Qdpm 8.3
Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.
network
low complexity
qdpm CWE-200
7.5