Vulnerabilities > Sage > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-22 CVE-2023-31868 Cross-site Scripting vulnerability in Sage X3 12.14.0.500
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
sage CWE-79
5.4
2023-05-16 CVE-2023-29927 Unspecified vulnerability in Sage 300 2020/2021/2022
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side.
network
low complexity
sage
4.3
2023-01-01 CVE-2022-34323 Cross-site Scripting vulnerability in Sage XRT Business Exchange 12.4.302
Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers.
network
low complexity
sage CWE-79
5.4
2021-07-22 CVE-2020-7387 Unspecified vulnerability in Sage Adxadmin
Sage X3 Installation Pathname Disclosure.
network
low complexity
sage
5.0
2021-07-22 CVE-2020-7390 Cross-site Scripting vulnerability in Sage Syracuse 12.0
Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile.
network
low complexity
sage CWE-79
5.4
2018-07-24 CVE-2017-3183 Incorrect Authorization vulnerability in Sage XRT Treasury 3.0
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions.
network
low complexity
sage CWE-863
6.5
2007-02-13 CVE-2007-0896 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
network
mozilla sage CWE-79
4.3
2006-09-12 CVE-2006-4712 Cross-Site Scripting vulnerability in Sage 1.3.6
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
network
sage CWE-79
6.8
2006-09-12 CVE-2006-4711 Unspecified vulnerability in Sage
Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M.
network
sage
4.3
2003-12-31 CVE-2003-1243 Cross-Site Scripting vulnerability in Sage Content Management System
Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter.
network
sage
4.3