Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.8 views

CVE-2023-40362

An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known...

4.3CVSS6.8AI score0.00667EPSS
Exploits1References1
NVD
NVD
added 2024/01/12 8:15 a.m.11 views

CVE-2023-40362

An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known...

4.3CVSS4.6AI score0.00667EPSS
Exploits1References2
Prion
Prion
added 2024/01/12 8:15 a.m.13 views

Design/Logic Flaw

An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known...

4CVSS7AI score0.00667EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/01/12 12:0 a.m.4 views

CVE-2023-40362

An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known...

4.6AI score0.00667EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/01/12 12:0 a.m.14 views

CVE-2023-40362

An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known...

5AI score0.00667EPSS
Exploits1References2
CVE
CVE
added 2024/01/12 12:0 a.m.34 views

CVE-2023-40362

CVE-2023-40362 concerns CentralSquare Click2Gov Building Permit prior to October 2023, where a lack of authorization protections lets an attacker delete contractors from another user’s account if they know the victim’s user ID and contractor details. Connected sources confirm the vulnerability ex...

4.3CVSS4.6AI score0.00667EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/24 12:0 a.m.6 views

PT-2023-27412 · Centralsquare · Centralsquare Click2Gov Building Permit

Name of the Vulnerable Software and Affected Versions: CentralSquare Click2Gov Building Permit versions prior to October 2023 Description: An issue was discovered in CentralSquare Click2Gov Building Permit, where lack of access control protections allows remote attackers to arbitrarily delete...

4.3CVSS4.4AI score0.00667EPSS
Exploits1References8
ThreatPost
ThreatPost
added 2020/06/26 8:18 p.m.65 views

8 U.S. City Websites Targeted in Magecart Attacks

Researchers are warning that the websites of eight U.S. cities – across three states – have been compromised with payment card-stealing Magecart skimmers. The websites all utilize Click2Gov municipality payment software, which was previously involved in data breaches. Unlike other skimmers, which...

8.3AI score0.0552EPSS
Exploits1References14
Wired Threat Level
Wired Threat Level
added 2019/09/21 12:0 p.m.168 views

Hackers Hit Click2Gov Bill-Paying Portals in 8 Cities

The new wave of attacks comes after a previous Click2Gov hack compromised 300,000 payment cards...

2.9AI score
Exploits0
ThreatPost
ThreatPost
added 2019/09/19 8:0 p.m.112 views

Payment Card Breach Hits 8 Cities Using Vulnerable Bill Portal

A vulnerable municipality payment software, which previously led to the breach of hundreds of thousands of payment cards in 2017, has been targeted once again. This time it was part of a breach involving of eight cities in August. The hack targets a flaw in Click2Gov software, which is used in...

0.2AI score
Exploits0References10
ThreatPost
ThreatPost
added 2018/12/19 7:48 p.m.12 views

Patched Click2Gov Flaw Still Afflicting Local Govs

A vulnerability in a popular municipality payment software, Click2Gov, has left hundreds of thousands of civilian payment cards compromised – and the hacks are ongoing, a new report found. Continual breaches of the vulnerable software have led to the compromise of at least 294,929 payment cards...

0.2AI score
Exploits0References7
FireEye
FireEye
added 2018/09/19 10:0 a.m.985 views

Click It Up: Targeting Local Government Payment Portals

FireEye has been tracking a campaign this year targeting web payment portals that involves on-premise installations of Click2Gov. Click2Gov is a web-based, interactive self-service bill-pay software solution developed by Superion. It includes various modules that allow users to pay bills associat...

7.5CVSS0.99993EPSS
Exploits57
Rows per page
Query Builder