Vulnerabilities > CRK

DATE CVE VULNERABILITY TITLE RISK
2020-12-23 CVE-2020-13969 Cross-site Scripting vulnerability in CRK Business Platform 2019.1
CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter.
network
low complexity
crk CWE-79
6.1
2020-12-23 CVE-2020-13968 SQL Injection vulnerability in CRK Business Platform 2019.1
CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter.
network
low complexity
crk CWE-89
critical
9.8