CVE-2019-20150
- EPSS 0.29%
- Veröffentlicht 20.08.2020 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:38:06
In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials....
CVE-2019-20151
- EPSS 0.24%
- Veröffentlicht 20.08.2020 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:38:06
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Appr...
CVE-2019-20152
- EPSS 0.24%
- Veröffentlicht 20.08.2020 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:38:06
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow compo...