34 matches found
CVE-2023-30455
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...
Design/Logic Flaw
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...
ebankIT 安全漏洞
ebankIT is a banking software from ebankIT Portugal. A security vulnerability exists in versions prior to ebankIT 7. The vulnerability stems from an attacker sending a request with more than 100 statement IDs, which could overload the server for all users and cause a denial of service...
PT-2023-22702 · Ebankit · Ebankit
Name of the Vulnerable Software and Affected Versions: ebankIT versions prior to 7 Description: An issue allows a Denial-of-Service attack through the EStatementsIds GET parameter located on the "/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx" endpoint. This parameter accepts...
CVE-2023-30454
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
CVE-2023-30454
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
CVE-2023-30454
CVE-2023-30454 affects ebankIT before version 7, with a DOM-based XSS at the endpoint /Security/Transactions/Transactions.aspx . An attacker can supply JavaScript in the POST parameter ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray , which is passed to an internal eval...
ebankIT 6 Cross Site Scripting
CVE-2023-30454 Description An issue was discovered in ebankIT before version 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the...
PT-2023-22701 · Ebankit · Ebankit
Name of the Vulnerable Software and Affected Versions: ebankIT versions prior to 7 Description: An issue exists where Document Object Model based XSS is present within the "/Security/Transactions/Transactions.aspx" endpoint. Users can supply their own JavaScript within the...
ebankIT 跨站脚本漏洞
ebankIT is a banking software from ebankIT Portugal. A cross-site scripting vulnerability exists in versions prior to ebankIT 7. The vulnerability stems from the presence of a cross-site scripting XSS vulnerability based on the Document Object Model...
CVE-2023-30455
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...
CVE-2023-30455
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without...
ebankIT 6 Denial Of Service
CVE-2023-30455 Description An issue was discovered in ebankIT before version 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100...
CVE-2023-30455
CVE-2023-30455 affects ebankIT before version 7. A DoS vulnerability exists in the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint: the GET parameter EStatementsIds accepts 100+ comma-separated IDs without error, causing the server to respond in about 60 seconds and g...