CVE-2019-20152
CVE-2019-20152 affects TreasuryXpress 19191105 with a reflected XSS due to insufficient input filtering in the Custom Workflow component. A malicious payload can be injected via the Create New Workflow field and then executed across the application, notably in the navigation bar. Red Hat and NVD ...