C2box

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2015-4626	Treasuryxpress C2box	Hig	0.49	7.5	0.00		Jan 23, 2017	B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft.
CVE-2015-4460	Treasuryxpress C2box		0.03	—	0.00		Jul 16, 2015	Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors.

CVE-2015-4626HigJan 23, 2017
Treasuryxpress
C2box
risk 0.49cvss 7.5epss 0.00
B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft.
CVE-2015-4460Jul 16, 2015
Treasuryxpress
C2box
risk 0.03cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors.