VYPR

Track\+

by Track\+

CVEs (2)

  • CVE-2011-1671Apr 10, 2011
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party…

  • CVE-2007-2819May 22, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter.