2 matches found
CVE-2020-26583
Sage DPW 2020_06_x before 2020_06_002 is affected by CVE-2020-26583: unauthenticated users can upload JavaScript in the expenses claiming feature, but viewing requires authentication, enabling persistent HTML/JS injection into pages. Impact includes content alteration, redirection, and potential ...
Sage DPW 2020_06_000 / 2020_06_001 XSS / File Upload
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross-Site Scripting and Unauthenticated Malicious File Upload product: Sage DPW vulnerable version: 202006000 & 202006001 fixed version: 202006002 CVE number:...