Vulnerabilities > Sage > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-22 CVE-2023-31868 Cross-site Scripting vulnerability in Sage X3 12.14.0.500
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
sage CWE-79
5.4
2023-05-16 CVE-2023-29927 Unspecified vulnerability in Sage 300
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side.
network
low complexity
sage
4.3
2023-01-01 CVE-2022-34323 Cross-site Scripting vulnerability in Sage XRT Business Exchange 12.4.302
Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers.
network
low complexity
sage CWE-79
5.4
2021-07-22 CVE-2020-7387 Unspecified vulnerability in Sage Adxadmin
Sage X3 Installation Pathname Disclosure.
network
low complexity
sage
5.3
2021-07-22 CVE-2020-7390 Cross-site Scripting vulnerability in Sage Syracuse 12.0
Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile.
network
low complexity
sage CWE-79
5.4
2020-10-18 CVE-2020-13893 Cross-site Scripting vulnerability in Sage Easypay 10.7.5.10
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E).
network
low complexity
sage CWE-79
5.4