TreasuryXpress Security Vulnerabilities

CVE-2019-20150

In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's...

CVSS: 6.5

AI Score: 6.4

EPSS: 0.001

2020-08-20 01:15 PM

CVE-2019-20152

An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow...

CVSS: 6.1

AI Score: 5.9

EPSS: 0.001

2020-08-20 01:15 PM

CVE-2019-20151

An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the...

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2020-08-20 01:15 PM

CVE-2015-4626

B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an...

CVSS: 7.5

AI Score: 7.4

EPSS: 0.005

2017-01-23 09:59 PM