Telaxius
Products
1- 19 CVEs
Recent CVEs
19| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9624 | Med | 0.40 | 6.1 | 0.01 | Jun 14, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data. | ||
| CVE-2017-9623 | Med | 0.40 | 6.1 | 0.01 | Jun 14, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. | ||
| CVE-2017-9622 | Med | 0.40 | 6.1 | 0.01 | Jun 14, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. | ||
| CVE-2017-9621 | Med | 0.40 | 6.1 | 0.01 | Jun 14, 2017 | Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter. | ||
| CVE-2017-8763 | Med | 0.40 | 6.1 | 0.01 | May 4, 2017 | Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter. | ||
| CVE-2017-6491 | Med | 0.40 | 6.1 | 0.01 | Mar 5, 2017 | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute… | ||
| CVE-2017-6490 | Med | 0.40 | 6.1 | 0.01 | Mar 5, 2017 | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An… | ||
| CVE-2017-6489 | Med | 0.40 | 6.1 | 0.01 | Mar 5, 2017 | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could… | ||
| CVE-2017-6488 | Med | 0.40 | 6.1 | 0.01 | Mar 5, 2017 | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/save_filters.php URL. An attacker could… | ||
| CVE-2017-6487 | Med | 0.40 | 6.1 | 0.01 | Mar 5, 2017 | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the "EPESI-master/modules/Utils/RecordBrowser/favorites.php" URL. An attacker… | ||
| CVE-2017-14717 | Med | 0.38 | 5.4 | 0.01 | Sep 22, 2017 | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | ||
| CVE-2017-14712 | Med | 0.38 | 5.4 | 0.01 | Sep 22, 2017 | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | ||
| CVE-2017-14716 | Med | 0.35 | 5.4 | 0.01 | Sep 22, 2017 | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. | ||
| CVE-2017-14715 | Med | 0.35 | 5.4 | 0.01 | Sep 22, 2017 | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | ||
| CVE-2017-14714 | Med | 0.35 | 5.4 | 0.01 | Sep 22, 2017 | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | ||
| CVE-2017-14713 | Med | 0.35 | 5.4 | 0.01 | Sep 22, 2017 | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. | ||
| CVE-2017-9331 | Med | 0.35 | 5.4 | 0.01 | Jun 1, 2017 | The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description… | ||
| CVE-2017-9366 | Med | 0.31 | 4.8 | 0.01 | Jun 2, 2017 | Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter. | ||
| CVE-2007-4026 | 0.00 | — | 0.01 | Jul 26, 2007 | epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party… |
- risk 0.40cvss 6.1epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data.
- risk 0.40cvss 6.1epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data.
- risk 0.40cvss 6.1epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter.
- risk 0.40cvss 6.1epss 0.01
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute…
- risk 0.40cvss 6.1epss 0.01
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An…
- risk 0.40cvss 6.1epss 0.01
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could…
- risk 0.40cvss 6.1epss 0.01
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/save_filters.php URL. An attacker could…
- risk 0.40cvss 6.1epss 0.01
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the "EPESI-master/modules/Utils/RecordBrowser/favorites.php" URL. An attacker…
- risk 0.38cvss 5.4epss 0.01
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
- risk 0.38cvss 5.4epss 0.01
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
- risk 0.35cvss 5.4epss 0.01
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.
- risk 0.35cvss 5.4epss 0.01
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.
- risk 0.35cvss 5.4epss 0.01
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.
- risk 0.35cvss 5.4epss 0.01
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter.
- risk 0.35cvss 5.4epss 0.01
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description…
- risk 0.31cvss 4.8epss 0.01
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.
- CVE-2007-4026Jul 26, 2007risk 0.00cvss —epss 0.01
epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party…