Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sage sage vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2007-0896
Cross-site scripting (XSS) vulnerability in the (1) Sage prior to 1.3.10, and (2) Sage++ extensions for Firefox, allows remote malicious users to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerab...
Mozilla Firefox
Sage Sage 1.3.6
Sage Sage
Sage Sage 1.0 Beta 3
1 EDB exploit
4.3
CVSSv2
CVE-2011-3384
Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and previous versions for Firefox allows remote malicious users to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102.
Sage-mozdev Sage 1.3.8
Sage-mozdev Sage
4.3
CVSSv2
CVE-2006-4711
Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote malicious users to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
Sage Sage
NA
CVE-2023-29927
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurat...
Sage Sage 300
6.8
CVSSv2
CVE-2006-4712
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote malicious users to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that u...
Sage Sage 1.3.6
6.8
CVSSv2
CVE-2006-6919
Firefox Sage extension 1.3.8 and previous versions allows remote malicious users to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element...
Sage-mozdev Sage
1 EDB exploit
NA
CVE-2022-38583
On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the co...
Sage Sage 300
NA
CVE-2021-45492
In Sage 300 ERP (formerly accpac) up to and including 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fai...
Sage Sage 300
NA
CVE-2022-41397
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.
Sage Sage 300
NA
CVE-2022-41398
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow malicious users to login to the Solr dashboard with admin privileges and access sensitive information.
Sage Sage 300
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »