CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13893
https://notcve.org/view.php?id=CVE-2020-13893
18 Oct 2020 — Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E). Múltiples vulnerabilidades de tipo cross-site scripting (XSS) almacenado en Sage EasyPay versión 10.7.5.10, permiten a atacantes autenticados inyectar script web o HTML a... • https://gist.github.com/picar0jsu/4532a6d15e8f8d7597b7dca5136ad655 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3183 – Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions
https://notcve.org/view.php?id=CVE-2017-3183
24 Jul 2018 — Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determined by the USER_CODE field associated with the querying user. By modifying the USER_CODE value to match that of a privileged user, a low-privileged, authenticated user may gain privileged access to the SQL database. A... • https://www.kb.cert.org/vuls/id/742632 • CWE-639: Authorization Bypass Through User-Controlled Key CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-3384
https://notcve.org/view.php?id=CVE-2011-3384
08 Sep 2011 — Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Sage add-on v1.3.10 y anterior para Firefox, permite a atacantes remotos inyectar código de su elección a través de secuencias de comandos web o HTML a través de un feed modificado. Una vulnerabilidad diferente de CV... • http://jvn.jp/en/jp/JVN30221194/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2009-4102
https://notcve.org/view.php?id=CVE-2009-4102
28 Nov 2009 — Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. Sage v1.4.3 y anteriores extensiones para Firefox realiza ciertas operaciones con privilegios del chrome, lo que permite a atacantes remotos ejecutar comandos de su elección y realizar ataques ataques de secuencias de comandos a través de la etiqueta descripción de un fee... • http://forums.mozillazine.org/viewtopic.php?f=48&t=1603515&start=0 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 1%CPEs: 5EXPL: 1CVE-2007-0896 – Sage 1.3.6 - Extension Feed HTML Injection
https://notcve.org/view.php?id=CVE-2007-0896
13 Feb 2007 — Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "