VYPR
Unrated severity · NVD Advisory · Published Oct 5, 2020 · Updated Aug 4, 2024

CVE-2020-26166

Description

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task.

Affected products

2
  • qdPM/qdPM (description)
  • Qdpm/Qdpm (llm-fuzzy)
    Range: =9.1

References

3
