Vulnerabilities > Sage

DATE CVE VULNERABILITY TITLE RISK
2023-01-01 CVE-2022-34322 Cross-site Scripting vulnerability in Sage Enterprise Intelligence 2021R1.1
Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers.
network
low complexity
sage CWE-79
critical
9.0
2023-01-01 CVE-2022-34323 Cross-site Scripting vulnerability in Sage XRT Business Exchange 12.4.302
Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers.
network
low complexity
sage CWE-79
5.4
2023-01-01 CVE-2022-34324 SQL Injection vulnerability in Sage XRT Business Exchange 12.4.302
Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History.
network
low complexity
sage CWE-89
8.8
2022-07-14 CVE-2021-45492 Incorrect Permission Assignment for Critical Resource vulnerability in Sage 300
In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable.
local
low complexity
sage CWE-732
7.8
2021-07-22 CVE-2020-7387 Unspecified vulnerability in Sage Adxadmin
Sage X3 Installation Pathname Disclosure.
network
low complexity
sage
5.3
2021-07-22 CVE-2020-7388 Authentication Bypass by Spoofing vulnerability in Sage Adxadmin
Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component.
network
low complexity
sage CWE-290
critical
9.8
2021-07-22 CVE-2020-7389 OS Command Injection vulnerability in Sage Syracuse
Sage X3 System CHAINE Variable Script Command Injection.
network
low complexity
sage CWE-78
7.2
2021-07-22 CVE-2020-7390 Cross-site Scripting vulnerability in Sage Syracuse 12.0
Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile.
network
low complexity
sage CWE-79
5.4
2020-10-18 CVE-2020-13893 Cross-site Scripting vulnerability in Sage Easypay 10.7.5.10
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E).
network
low complexity
sage CWE-79
5.4
2018-07-24 CVE-2017-3183 Incorrect Authorization vulnerability in Sage XRT Treasury 3.0
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions.
network
low complexity
sage CWE-863
8.8