4 matches found
CVE-2013-6285
The vulnerability CVE-2013-6285 affects the Treasurer application’s search component in Tyler Technologies TaxWeb 3.13.3.1. It allows remote attackers to obtain sensitive query-structure information by sending an invalid search request. This is described as a separate issue from CVE-2013-6020. Th...
CVE-2013-6020
The issue (CVE-2013-6020) affects Tyler Technologies TaxWeb 3.13.3.1 and its Password Reset flow (passwordRequestPOST.jsp). The root cause is that invalid password-recovery requests return different HTTP status codes depending on whether the target user exists, enabling remote attackers to enumer...
CVE-2013-6019
CVE-2013-6019 affects Tyler Technologies TaxWeb 3.13.3.1. The Red Hat/NVD entries describe a reflected cross-site scripting vulnerability: an attacker can inject arbitrary HTML/script via the vulnerable accountNum parameter to an unspecified component. Impact stated across sources is that a remot...
CVE-2013-6018
CVE-2013-6018 describes a cross-site request forgery (CSRF) vulnerability in Tyler Technologies’ TaxWeb 3.13.3.1, specifically affecting the login.jsp page. The issue allows a remote attacker to hijack the authentication of arbitrary users by inducing them to perform a password-changing action, i...