Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
qdPM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-26166 - Vulnerability Database
qdPM

qdPM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-26166

Medium
Reference: CVE-2020-26166
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-26166
Title: qdPM Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

The file upload functionality in qdPM 9.1 doesn39t check the file description which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter aka XSS. This can occur during creation of a ticket project or task.