Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sage sage vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-0896
Cross-site scripting (XSS) vulnerability in the (1) Sage prior to 1.3.10, and (2) Sage++ extensions for Firefox, allows remote malicious users to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerab...
Mozilla Firefox
Sage Sage 1.3.6
Sage Sage
Sage Sage 1.0 Beta 3
1 EDB exploit
NA
CVE-2011-3384
Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and previous versions for Firefox allows remote malicious users to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102.
Sage-mozdev Sage 1.3.8
Sage-mozdev Sage
NA
CVE-2006-4711
Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote malicious users to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
Sage Sage
NA
CVE-2006-6919
Firefox Sage extension 1.3.8 and previous versions allows remote malicious users to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element...
Sage-mozdev Sage
1 EDB exploit
4.3
CVSSv3
CVE-2023-29927
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurat...
Sage Sage 300
9.8
CVSSv3
CVE-2022-41397
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.
Sage Sage 300
7.5
CVSSv3
CVE-2022-41398
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow malicious users to login to the Solr dashboard with admin privileges and access sensitive information.
Sage Sage 300
9.8
CVSSv3
CVE-2022-41400
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow malicious users to decrypt user passwords and SQL connection strings.
Sage Sage 300
7.8
CVSSv3
CVE-2021-45492
In Sage 300 ERP (formerly accpac) up to and including 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fai...
Sage Sage 300
7.5
CVSSv3
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow malicious u...
Sage Sage 300
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »