3 matches found
CVE-2007-1331
Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some...
CVE-2007-1332
CVE-2007-1332 describes multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java. Attackers can perform unspecified restricted actions in the context of affected accounts by bypassing the client-side protection scheme. The entry notes a high impact ...
EPortfolio 1.0 - Client-Side Input Validation
source: https://www.securityfocus.com/bid/22829/info
ePortfolio is prone to a client-side input-validation vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to perform various attacks that are caused by input-validation...