EUVD-2017-15059

Malware in sbrugna...

Multiple Cross-Site Scripting Vulnerabilities in PhreeBooksERP

PhreeBooksERP is an open source ERP system for accounting use. PhreeBooksERP suffers from multiple cross-site scripting vulnerabilities due to failure to adequately validate user input. An attacker could exploit this vulnerability to execute arbitrary script code on a user's browser on an affecte...

CVE-2017-5990

An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/labelmgr/jsinclude.php" and...

CVE-2017-5990

An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/labelmgr/jsinclude.php" and...

Authorization

An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/labelmgr/jsinclude.php" and...

CVE-2017-5990

An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/labelmgr/jsinclude.php" and...

CVE-2017-5990

PhreeBooksERP (pre-2017-02-13) both ShippingMethods/ups/label_mgr/js_include.php and ShippingMethods/yrc/label_mgr/js_include.php suffer from insufficient filtration of user-supplied data in the form GET parameter. This allows an attacker to trigger arbitrary HTML/JavaScript in a victim’s browser...