2 matches found
CVE-2022-34323
Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model...
CVE-2022-34323
Sage XRT Business Exchange 12.4.302 contains multiple stored XSS flaws. An authenticated user can trigger JavaScript execution in other users’ browsers via: (1) Filters/Display model names rendered as HTML, (2) Alert names in Notifications/alerts, and (3) the File download feature where form fiel...