Vulnerabilities > QPR
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-02-01 | CVE-2014-8268 | Permissions, Privileges, and Access Controls vulnerability in QPR Portal QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request. | 6.4 |
2015-02-01 | CVE-2014-8267 | Cross-site Scripting vulnerability in QPR Portal Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter. | 4.3 |
2015-02-01 | CVE-2014-8266 | Cross-site Scripting vulnerability in QPR Portal Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field. | 4.3 |