Cyclos: community verdicts
2 notable / known-exploited Cyclos CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Cyclos CVE, see NVD ↗.
- CVE-2021-31674MED 6.1EPSS 4%
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.
- CVE-2021-31673MED 6.1EPSS 3%
A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.