Sentrifugo » Sentrifugo : Security Vulnerabilities, CVEs, (XSS)

CVE-2024-29879

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21

CVE-2024-29878

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21

CVE-2024-29877

Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21

CVE-2019-15814

Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.
Max CVSS
5.4
EPSS Score
0.09%
Published
2019-09-04
Updated
2019-09-04
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close