Date published: 2015-01-31T21:59:03.503-05:00
Date last modified: 2015-02-02T17:55:17.507-05:00
CVSS Score: 4.3
Principal attack vector: NETWORK
Reference URL: http://www.kb.cert.org/vuls/id/546340
Summary: Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.