Vulnerabilities > Sage > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-22 | CVE-2023-31868 | Cross-site Scripting vulnerability in Sage X3 12.14.0.500 Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
| 2023-05-16 | CVE-2023-29927 | Unspecified vulnerability in Sage 300 Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. | 4.3 |
| 2023-01-01 | CVE-2022-34323 | Cross-site Scripting vulnerability in Sage XRT Business Exchange 12.4.302 Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. | 5.4 |
| 2021-07-22 | CVE-2020-7387 | Unspecified vulnerability in Sage Adxadmin Sage X3 Installation Pathname Disclosure. | 5.3 |
| 2021-07-22 | CVE-2020-7390 | Cross-site Scripting vulnerability in Sage Syracuse 12.0 Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. | 5.4 |
| 2020-10-18 | CVE-2020-13893 | Cross-site Scripting vulnerability in Sage Easypay 10.7.5.10 Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E). | 5.4 |