Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sage sage vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2007-0896
Cross-site scripting (XSS) vulnerability in the (1) Sage prior to 1.3.10, and (2) Sage++ extensions for Firefox, allows remote malicious users to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerab...
Mozilla Firefox
Sage Sage 1.3.6
Sage Sage
Sage Sage 1.0 Beta 3
1 EDB exploit
4.3
CVSSv2
CVE-2011-3384
Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and previous versions for Firefox allows remote malicious users to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102.
Sage-mozdev Sage 1.3.8
Sage-mozdev Sage
4.3
CVSSv2
CVE-2006-4711
Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote malicious users to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
Sage Sage
NA
CVE-2021-45492
In Sage 300 ERP (formerly accpac) up to and including 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fai...
Sage Sage 300
6.8
CVSSv2
CVE-2006-4712
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote malicious users to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that u...
Sage Sage 1.3.6
NA
CVE-2023-29927
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurat...
Sage Sage 300
NA
CVE-2022-41397
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.
Sage Sage 300
NA
CVE-2022-41398
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow malicious users to login to the Solr dashboard with admin privileges and access sensitive information.
Sage Sage 300
NA
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow malicious u...
Sage Sage 300
NA
CVE-2022-41400
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow malicious users to decrypt user passwords and SQL connection strings.
Sage Sage 300
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »