Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sage X3 Syracuse Persistent XSS in Edit User page
Vulnerability Description
Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises versions of Version 12 (components shipped with Syracuse 12.10.0 and later) of Sage X3. Other on-premises versions of Sage X3 are unaffected or unsupported by the vendor.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Sage Group Sage X3 跨站脚本漏洞
Vulnerability Description
Sage Group Sage X3是Sage Group公司的一个应用软件。针对成熟企业开发的企业资源规划产品。 Sage X3 存在跨站脚本漏洞,经过身份验证的用户可以将此 Web 应用程序组件的"First Name", "Last Name", "Email Address"字段传递给 XSS 字符串。
CVSS Information
N/A
Vulnerability Type
N/A