Vulnerabilities > Qdpm > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-26 | CVE-2020-18468 | Cross-site Scripting vulnerability in Qdpm 9.1 Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration. | 3.5 |
| 2020-10-05 | CVE-2020-26166 | Cross-site Scripting vulnerability in Qdpm 9.1 The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. | 3.5 |