2 matches found
CVE-2019-20151
CVE-2019-20151 describes an XSS flaw in TreasuryXpress 19191105. The issue arises from insufficient filtering/sanitization of user input, allowing a malicious payload to be injected in the Multi Approval security component via the Note field and then executed by the application’s administrators. ...
CVE-2019-20151
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrators. A malicious payload can be injected within the Multi Approval security component and inserted via the Note...