This page aggregates publicly disclosed CVE and security risk information related to cyclos, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-31674 | Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant. | [email protected] | 6.1 | 2.16% | 2022-05-02 | 2024-11-21 |
| CVE-2021-31673 | A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter. | [email protected] | 6.1 | 2.71% | 2022-05-02 | 2024-11-21 |