3 matches found
CVE-2009-3581
Multiple cross-site scripting XSS vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via 1 the DCN Description field in the Accounts Receivables menu item for Add Transaction, 2 the Description field in the Accounts Payable menu item for A...
CVE-2009-3581
Multiple cross-site scripting XSS vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via 1 the DCN Description field in the Accounts Receivables menu item for Add Transaction, 2 the Description field in the Accounts Payable menu item for A...
CVE-2009-3581
SQL-Ledger 2.8.24 is affected by multiple cross-site scripting (XSS) vulnerabilities described under CVE-2009-3581. The flaws enable remote authenticated users to inject arbitrary web script or HTML via specific fields: (1) DCN Description in Accounts Receivables Add Transaction, (2) Description ...