15 matches found
CVE-2024-28734
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...
CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...
VulnCheck KEV: CVE-2024-28734
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...
CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...
CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...
PT-2024-22548 · Unit4 · Unit4 Financials
Name of the Vulnerable Software and Affected Versions: Unit4 Financials by Coda versions prior to 2023Q4 Description: The issue is related to an incorrect access control authorization bypass, allowing an authenticated user to modify the password of any user of the application via a crafted reques...
CVE-2024-28735
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...
CVE-2024-28735
Summary: CVE-2024-28735 affects Unit4 Financials by Coda prior to 2023Q4. An authenticated user can bypass access control to change any user’s password via a crafted request (PoC shows POST /coda/rest/session/password with fields including user, newPassword, and target username). Impact: password...
CVE-2024-28734
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...
PT-2024-22547 · Unit4 · Unit4 Financials
Name of the Vulnerable Software and Affected Versions: Unit4 Financials by Coda versions prior to 2023Q4 Description: The issue allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter. This enables the attacker to potentially escalate privileges...
CVE-2024-28734
CVE-2024-28734 describes a Cross‑Site Scripting vulnerability in Unit4 Financials by Coda, affecting versions prior to 2023Q4. The vulnerability resides in the /coda/frameset endpoint where the cols parameter is reflected without proper sanitization, allowing an attacker to inject JavaScript that...
CVE-2024-28734
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...
CVE-2024-28734
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...
Unit4 Financials by Coda Security Breaches
Unit4 Financials by Coda is a financial management software from Unit4 USA. A security vulnerability exists in versions of Unit4 Financials by Coda prior to 2023Q4 that stems from the presence of incorrect access controls...
Unit4 Financials by Coda Cross-Site Scripting Vulnerability
Unit4 Financials by Coda is a financial management software from the US-based Unit4, Inc. A cross-site scripting vulnerability exists in versions prior to 2023Q4 of Unit4 Financials by Coda that stems from vulnerability to cross-site scripting XSS attacks...