Cyclos

CVEs (2)

• CVE-2021-31673May 1, 2022
  Cyclos

  Cyclos
  risk 0.03cvss —epss 0.03

  A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.

• CVE-2021-31674May 1, 2022
  Cyclos

  Cyclos
  risk 0.03cvss —epss 0.02

  Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.