Lucene search
K

34 matches found

OSV
OSV
added 2023/04/28 6:15 p.m.3 views

CVE-2023-30455

An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...

7.5CVSS7.1AI score
Exploits0References2
Prion
Prion
added 2023/04/28 6:15 p.m.16 views

Design/Logic Flaw

An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...

5CVSS7.4AI score0.01047EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/04/28 12:0 a.m.7 views

ebankIT 安全漏洞

ebankIT is a banking software from ebankIT Portugal. A security vulnerability exists in versions prior to ebankIT 7. The vulnerability stems from an attacker sending a request with more than 100 statement IDs, which could overload the server for all users and cause a denial of service...

7.5CVSS7.3AI score0.01047EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/04/28 12:0 a.m.4 views

PT-2023-22702 · Ebankit · Ebankit

Name of the Vulnerable Software and Affected Versions: ebankIT versions prior to 7 Description: An issue allows a Denial-of-Service attack through the EStatementsIds GET parameter located on the "/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx" endpoint. This parameter accepts...

7.5CVSS6.7AI score0.01047EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/04/28 12:0 a.m.57 views

CVE-2023-30454

An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...

6.1AI score0.00535EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/04/28 12:0 a.m.7 views

CVE-2023-30454

An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...

6AI score0.00535EPSS
Exploits1References2
CVE
CVE
added 2023/04/28 12:0 a.m.48 views

CVE-2023-30454

CVE-2023-30454 affects ebankIT before version 7, with a DOM-based XSS at the endpoint /Security/Transactions/Transactions.aspx . An attacker can supply JavaScript in the POST parameter ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray , which is passed to an internal eval...

6.1CVSS5.9AI score0.00535EPSS
Exploits1References2Affected Software1
Packet Storm
Packet Storm
added 2023/04/28 12:0 a.m.342 views

ebankIT 6 Cross Site Scripting

CVE-2023-30454 Description An issue was discovered in ebankIT before version 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the...

6.9AI score0.00535EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/04/28 12:0 a.m.4 views

PT-2023-22701 · Ebankit · Ebankit

Name of the Vulnerable Software and Affected Versions: ebankIT versions prior to 7 Description: An issue exists where Document Object Model based XSS is present within the "/Security/Transactions/Transactions.aspx" endpoint. Users can supply their own JavaScript within the...

6.1CVSS6AI score0.00535EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/04/28 12:0 a.m.6 views

ebankIT 跨站脚本漏洞

ebankIT is a banking software from ebankIT Portugal. A cross-site scripting vulnerability exists in versions prior to ebankIT 7. The vulnerability stems from the presence of a cross-site scripting XSS vulnerability based on the Document Object Model...

6.1CVSS5.9AI score0.00535EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/04/28 12:0 a.m.7 views

CVE-2023-30455

An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...

7.5AI score0.01047EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/04/28 12:0 a.m.25 views

CVE-2023-30455

An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...

7.7AI score0.01047EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2023/04/28 12:0 a.m.332 views

ebankIT 6 Denial Of Service

CVE-2023-30455 Description An issue was discovered in ebankIT before version 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100...

6.9AI score0.01047EPSS
Exploits1
CVE
CVE
added 2023/04/28 12:0 a.m.37 views

CVE-2023-30455

CVE-2023-30455 affects ebankIT before version 7. A DoS vulnerability exists in the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint: the GET parameter EStatementsIds accepts 100+ comma-separated IDs without error, causing the server to respond in about 60 seconds and g...

7.5CVSS7.4AI score0.01047EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder