VYPR
Vendor

Treasuryxpress

Products
2
CVEs
5
Across products
5
Status
Private

Products

2

Recent CVEs

5
  • CVE-2015-4626HigJan 23, 2017
    risk 0.49cvss 7.5epss 0.01

    B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft.

  • CVE-2019-20150MedAug 20, 2020
    risk 0.42cvss 6.5epss 0.01

    In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using…

  • CVE-2019-20152MedAug 20, 2020
    risk 0.40cvss 6.1epss 0.01

    An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the…

  • CVE-2019-20151MedAug 20, 2020
    risk 0.40cvss 6.1epss 0.01

    An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and…

  • CVE-2015-4460Jul 16, 2015
    risk 0.03cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors.