CVE-2020-26166

The file upload functionality in qdPM 9.1 doesn’t check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task.

Source: CVE-2020-26166
