Vulnerabilities > CRK
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-23 | CVE-2020-13969 | Cross-site Scripting vulnerability in CRK Business Platform 2019.1 CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. | 6.1 |
2020-12-23 | CVE-2020-13968 | SQL Injection vulnerability in CRK Business Platform 2019.1 CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter. | 9.8 |