VYPR

TreasuryXpress

by Treasuryxpress

CVEs (3)

  • CVE-2019-20150MedAug 20, 2020
    risk 0.42cvss 6.5epss 0.01

    In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using…

  • CVE-2019-20152MedAug 20, 2020
    risk 0.40cvss 6.1epss 0.01

    An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the…

  • CVE-2019-20151MedAug 20, 2020
    risk 0.40cvss 6.1epss 0.01

    An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and…