Vulnerabilities > CRK
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-23 | CVE-2020-13969 | Cross-site Scripting vulnerability in CRK Business Platform CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. | 4.3 |
| 2020-12-23 | CVE-2020-13968 | SQL Injection vulnerability in CRK Business Platform CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter. | 7.5 |