Back to search
CVE-2019-20151
Published: Aug 20, 2020
Modified: Aug 5, 2024
PUBLISHED
Description
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the Note field. As a result, the payload is executed by the application's administrator(s).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://sion-evans.com/blog/CVE-2019-20151.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now