Taxweb
Monthly
The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.