Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qdpm qdpm vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-8390
qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.
Qdpm Qdpm 9.1
8.8
CVSSv3
CVE-2022-26180
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.
Qdpm Qdpm 9.2
9.8
CVSSv3
CVE-2020-11811
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file.
Qdpm Qdpm 9.1
5.4
CVSSv3
CVE-2020-11814
A Host Header Injection vulnerability in qdPM 9.1 may allow an malicious user to spoof a particular header and redirect users to malicious websites.
Qdpm Qdpm 9.1
6.1
CVSSv3
CVE-2019-8391
qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter.
Qdpm Qdpm 9.1
5.4
CVSSv3
CVE-2020-26166
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated malicious users to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task.
Qdpm Qdpm 9.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2