8 matches found
CVE-2013-6020
passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the 1 Assessor, 2 Recorder, or ...
CVE-2013-6018
Cross-site request forgery CSRF vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password...
CVE-2013-6019
Cross-site scripting XSS vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password...
CVE-2013-6018
CVE-2013-6018 describes a cross-site request forgery (CSRF) vulnerability in Tyler Technologies’ TaxWeb 3.13.3.1, specifically affecting the login.jsp page. The issue allows a remote attacker to hijack the authentication of arbitrary users by inducing them to perform a password-changing action, i...
CVE-2013-6285
The vulnerability CVE-2013-6285 affects the Treasurer application’s search component in Tyler Technologies TaxWeb 3.13.3.1. It allows remote attackers to obtain sensitive query-structure information by sending an invalid search request. This is described as a separate issue from CVE-2013-6020. Th...
CVE-2013-6019
Cross-site scripting XSS vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component...
CVE-2013-6020
passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the 1 Assessor, 2 Recorder, or ...