Vulnerability Note VU#911678
Tyler Technologies TaxWeb 18.104.22.168 contains multiple vulnerabilities
Tyler Technologies TaxWeb 22.214.171.124 and possibly earlier versions contain cross-site request forgery (CWE-352), information exposure (CWE-203), and reflected cross-site scripting (CWE-79) vulnerabilities.
CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2013-6018
TaxWeb 126.96.36.199 contains a cross-site request forgery vulnerability on the login.jsp pages. An attacker can send a constructed webpage link to a previously authenticated user to make an unauthorized change to their password.
We are currently unaware of a practical solution to this problem.
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Tyler Technologies | Affected | 10 Sep 2013 | 20 Sep 2013 |
Thanks to CAaNES LLC for reporting this vulnerability.
This document was written by Adam Rauf.
- CVE IDs: CVE-2013-6018 CVE-2013-6019 CVE-2013-6020
- Date Public: 25 Oct 2013
- Date First Published: 25 Oct 2013
- Date Last Updated: 28 Oct 2013
- Document Revision: 26