199 matches found
CVE-2023-31867
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection...
CVE-2023-31868
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting XSS. Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is...
Input validation
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection...
Cross site scripting
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting XSS. Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is...
CVE-2023-31867
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection...
CVE-2023-31868
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting XSS. Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is...
CVE-2023-31868
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting XSS. Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is...
Sage Group Sage X3 跨站脚本漏洞
Sage Group Sage X3 is a software application from Sage Group UK. An enterprise resource planning ERP product developed for mature organizations. A security vulnerability exists in Sage X3 version 12.14.0.50-0, which arises from the fact that portions of the web application are dynamically...
CVE-2023-31867
Sage X3 v12.14.0.50-0 is documented as vulnerable to CSV injection. The issue affects the Sage X3 software, with the root cause described in connected records as related to input validation (per PRION entry). The CVE entry notes CSV injection as the vulnerability, and Red Hat/CNNVD/NVD references...
CVE-2023-31868
CVE-2023-31868 concerns Sage X3 Web, version 12.14.0.50-0, with cross-site scripting (XSS) via unsanitized user input in parts of the web app that are dynamically built. The vulnerability is triggered when HTML/JavaScript code is injected into input fields that are not validated/filtered, and suc...
PT-2023-23497 · Sage · Sage X3
Name of the Vulnerable Software and Affected Versions: Sage X3 version 12.14.0.50-0 Description: The issue is related to CSV Injection. Recommendations: For Sage X3 version 12.14.0.50-0, at the moment, there is no information about a newer version that contains a fix for this issue...
CVE-2023-31867
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection...
PT-2023-3640 · Sage · Sage X3
Name of the Vulnerable Software and Affected Versions: Sage X3 version 12.14.0.50-0 Description: The issue is related to Cross Site Scripting XSS in the Sage X3 Web application. Some parts of the application are dynamically built using user inputs, but these inputs are not verified or filtered,...
WAVLINK WN579 X3 messages.txt Access Control Error Vulnerability
WAVLINK WN579 X3, a wireless router from WAVLINK China, is vulnerable to an access control error in WAVLINK WN579 X3 M79X3.V5030.191012. The vulnerability is caused by the failure to set reasonable access rights to the messages.txt file, which can be exploited to obtain critical information by...
CVE-2022-34570
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page...
CVE-2022-34570
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page...
CVE-2022-34570
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page...
Information disclosure
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page...
CVE-2022-34570
CVE-2022-34570 concerns WAVLINK WN579 X3 (M79X3.V5030.191012) where an information leak allows attackers to obtain key information by accessing the vulnerable file, messages.txt. The root cause is an access control error or insufficient access rights handling on messages.txt, as described in mult...
PT-2022-22209 · Wavlink · Wavlink Wn579X3
Name of the Vulnerable Software and Affected Versions: WAVLINK WN579 X3 version M79X3.V5030.191012 Description: The issue allows attackers to obtain key information by accessing the "messages.txt" page, resulting in an information leak. Recommendations: For version M79X3.V5030.191012, consider...