VYPR
Vendor

Telaxius

Products
1
CVEs
19
Across products
19
Status
Private

Products

1

Recent CVEs

19
  • CVE-2017-9624MedJun 14, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data.

  • CVE-2017-9623MedJun 14, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data.

  • CVE-2017-9622MedJun 14, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data.

  • CVE-2017-9621MedJun 14, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter.

  • CVE-2017-8763MedMay 4, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter.

  • CVE-2017-6491MedMar 5, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute…

  • CVE-2017-6490MedMar 5, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An…

  • CVE-2017-6489MedMar 5, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could…

  • CVE-2017-6488MedMar 5, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/save_filters.php URL. An attacker could…

  • CVE-2017-6487MedMar 5, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the "EPESI-master/modules/Utils/RecordBrowser/favorites.php" URL. An attacker…

  • CVE-2017-14717MedSep 22, 2017
    risk 0.38cvss 5.4epss 0.01

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.

  • CVE-2017-14712MedSep 22, 2017
    risk 0.38cvss 5.4epss 0.01

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.

  • CVE-2017-14716MedSep 22, 2017
    risk 0.35cvss 5.4epss 0.01

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.

  • CVE-2017-14715MedSep 22, 2017
    risk 0.35cvss 5.4epss 0.01

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.

  • CVE-2017-14714MedSep 22, 2017
    risk 0.35cvss 5.4epss 0.01

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.

  • CVE-2017-14713MedSep 22, 2017
    risk 0.35cvss 5.4epss 0.01

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter.

  • CVE-2017-9331MedJun 1, 2017
    risk 0.35cvss 5.4epss 0.01

    The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description…

  • CVE-2017-9366MedJun 2, 2017
    risk 0.31cvss 4.8epss 0.01

    Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.

  • CVE-2007-4026Jul 26, 2007
    risk 0.00cvss epss 0.01

    epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party…