Unrated severity · NVD Advisory · Published Oct 5, 2020 · Updated Aug 4, 2024
CVE-2020-26166
Description
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task.
Affected products
- qdPM/qdPM
References
- qdpm.net/qdpm-release-notes-free-project-management (mitre, x_refsource_MISC)
- github.com/Kajmer/CVEs/blob/main/CVE-2020-26166.md (mitre, x_refsource_MISC)
- sourceforge.net/projects/qdpm/ (mitre, x_refsource_MISC)