Vulnerabilities > Sage > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-22 | CVE-2023-31868 | Cross-site Scripting vulnerability in Sage X3 12.14.0.500 Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
| 2023-05-16 | CVE-2023-29927 | Unspecified vulnerability in Sage 300 2020/2021/2022 Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. | 4.3 |
| 2023-01-01 | CVE-2022-34323 | Cross-site Scripting vulnerability in Sage XRT Business Exchange 12.4.302 Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. | 5.4 |
| 2021-07-22 | CVE-2020-7387 | Unspecified vulnerability in Sage Adxadmin Sage X3 Installation Pathname Disclosure. | 5.0 |
| 2021-07-22 | CVE-2020-7390 | Cross-site Scripting vulnerability in Sage Syracuse 12.0 Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. | 5.4 |
| 2018-07-24 | CVE-2017-3183 | Incorrect Authorization vulnerability in Sage XRT Treasury 3.0 Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. | 6.5 |
| 2007-02-13 | CVE-2007-0896 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712. | 4.3 |
| 2006-09-12 | CVE-2006-4712 | Cross-Site Scripting vulnerability in Sage 1.3.6 Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting." | 6.8 |
| 2006-09-12 | CVE-2006-4711 | Unspecified vulnerability in Sage Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. network sage | 4.3 |
| 2003-12-31 | CVE-2003-1243 | Cross-Site Scripting vulnerability in Sage Content Management System Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter. network sage | 4.3 |