Sentrifugo » Sentrifugo : Security Vulnerabilities, CVEs, (XSS)
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.
Max CVSS
5.4
EPSS Score
0.09%
Published
2019-09-04
Updated
2019-09-04
4 vulnerabilities found