CVE-2021-31674
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.
Date published : 2022-05-01
http://packetstormsecurity.com/files/167040/Cyclos-4.14.7-Cross-Site-Scripting.html