CVE-2019-20152
Published: Aug 20, 2020
Modified: Aug 5, 2024
PUBLISHED
Description
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow field. As a result, the payload is executed via the navigation bar throughout the application.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://sion-evans.com/blog/CVE-2019-20152.html
x_refsource_MISC