Description

Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration.

Remediation

References

CVE-2020-18468

Related Vulnerabilities

MySQL CVE-2022-39404 Vulnerability (CVE-2022-39404)

Oracle JRE CVE-2013-5805 Vulnerability (CVE-2013-5805)

MySQL CVE-2023-22110 Vulnerability (CVE-2023-22110)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease SQL Injection (4.6.1)

ReviveAdserver Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-22948)

Severity

Medium

Classification

CVE-2020-18468 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities