MidnightBSD

Advisories for bizagi

CVE-2014-2947 MEDIUM

Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
bizagi business_process_management_suite 10.0.1
bizagi business_process_management_suite 10.0
bizagi business_process_management_suite 10.1
bizagi business_process_management_suite *
CVE-2014-2948 MEDIUM

SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
bizagi business_process_management_suite 10.2
bizagi business_process_management_suite 10.3
bizagi business_process_management_suite 10.0.1
bizagi business_process_management_suite 10.0
bizagi business_process_management_suite 10.1
bizagi business_process_management_suite *