Vulnerabilities > Sapplica > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-21 | CVE-2024-29877 | Unspecified vulnerability in Sapplica Sentrifugo 3.2 Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. | 6.1 |
| 2024-03-21 | CVE-2024-29878 | Unspecified vulnerability in Sapplica Sentrifugo 3.2 Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. | 6.1 |
| 2024-03-21 | CVE-2024-29879 | Unspecified vulnerability in Sapplica Sentrifugo 3.2 Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. | 6.1 |
| 2020-12-30 | CVE-2020-28365 | Cross-site Scripting vulnerability in Sapplica Sentrifugo 3.2 Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. | 6.1 |
| 2020-03-13 | CVE-2020-10218 | SQL Injection vulnerability in Sapplica Sentrifugo 3.2 A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. | 6.5 |