eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-09-03
eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities).
CVSS Score
9.8
EPSS Score
0.003
Published
2020-09-03