4 matches found
CVE-2013-6285
The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020...
Cross site request forgery (csrf)
The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020...
Cross site scripting
Cross-site scripting XSS vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component...
Code injection
passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the 1 Assessor, 2 Recorder, or ...