本ページは tylertech taxweb に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2013-6285 | The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020. | [email protected] | 5.0 | 1.31% | 2013-10-27 | 2026-06-16 |
| CVE-2013-6020 | passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or (3) Treasurer application. | [email protected] | 5.8 | 1.14% | 2013-10-27 | 2026-06-16 |
| CVE-2013-6019 | Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component. | [email protected] | 4.3 | 1.01% | 2013-10-27 | 2026-06-16 |
| CVE-2013-6018 | Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password. | [email protected] | 6.8 | 0.62% | 2013-10-27 | 2026-06-16 |