Cross-Site Scripting Vulnerabilities in SQL-Ledger by SQL-Ledger
CVE-2009-3581

Currently unrated

Key Information:

Vendor: Sql-ledger
Status: Sql-ledger
Vendor: CVE Published:; 23 December 2009

What is CVE-2009-3581?

Multiple cross-site scripting (XSS) vulnerabilities are present in SQL-Ledger 2.8.24, allowing remote authenticated users to inject arbitrary web scripts or HTML. These vulnerabilities can be exploited through various input fields, including the DCN Description in Accounts Receivables during transaction addition, the Description field in Accounts Payable for transaction entries, and through the name fields in both Customers and Vendors during their respective addition processes.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/54965

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/508559/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/37877

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2009
Vulnerability Reserved
Oct 7, 2009

CVE-2009-3581 Data

JSON

Sql-ledger

What is CVE-2009-3581?

References

Timeline