An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the Note field. As a result, the payload is executed by the application's administrator(s).
References
Link | Resource |
---|---|
https://sion-evans.com/blog/CVE-2019-20151.html | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-20T12:36:21
Updated: 2020-08-20T12:36:21
Reserved: 2019-12-30T00:00:00
Link: CVE-2019-20151
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-20T13:15:11.920
Modified: 2020-08-24T19:34:02.147
Link: CVE-2019-20151
JSON object: View
Redhat Information
No data.
CWE