RSS   Vulnerabilities for 'Vtenext'   RSS

2020-09-14
 
CVE-2020-10229

CWE-352
 

 
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.

 
 
CVE-2020-10228

CWE-434
 

 
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.

 
 
CVE-2020-10227

CWE-79
 

 
A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.

 


Copyright 2024, cxsecurity.com

 

Back to Top