An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow field. As a result, the payload is executed via the navigation bar throughout the application.
References
Link | Resource |
---|---|
https://sion-evans.com/blog/CVE-2019-20152.html | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-20T12:37:38
Updated: 2020-08-20T12:37:37
Reserved: 2019-12-30T00:00:00
Link: CVE-2019-20152
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-20T13:15:11.997
Modified: 2020-08-24T19:34:59.853
Link: CVE-2019-20152
JSON object: View
Redhat Information
No data.
CWE