The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020.
Max CVSS: 5.0 | EPSS Score: 0.27% | Published: 2013-10-28 | Updated: 2013-11-21

passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or (3) Treasurer application.
Max CVSS: 5.8 | EPSS Score: 0.27% | Published: 2013-10-28 | Updated: 2013-11-21

Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component.
Max CVSS: 4.3 | EPSS Score: 0.15% | Published: 2013-10-28 | Updated: 2013-11-21

Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password.
Max CVSS: 6.8 | EPSS Score: 0.07% | Published: 2013-10-28 | Updated: 2013-11-21

4 vulnerabilities found