7 matches found
EUVD-2019-7899
Malware in sbrugna...
CVE-2019-17551
In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:richtexteditornotetext parameter in the Notes section. Although versions...
CVE-2019-17551
In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:richtexteditornotetext parameter in the Notes section. Although versions...
CVE-2019-17551
In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:richtexteditornotetext parameter in the Notes section. Although versions...
Cross site scripting
In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:richtexteditornotetext parameter in the Notes section. Although versions...
CVE-2019-17551
In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:richtexteditornotetext parameter in the Notes section. Although versions...
CVE-2019-17551
CVE-2019-17551 affects Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5. An attacker can send an authenticated POST to /WFS/agreementView.faces to trigger a stored XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text field in the Notes section. The issue is tied to the WYSIW...