RSS   Vulnerabilities for 'Business platform'   RSS

2020-12-23
 
CVE-2020-13969

CWE-79
 

 
CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent.

 
 
CVE-2020-13968

CWE-89
 

 
CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top