This page lists publicly disclosed CVE vulnerabilities affecting tylertech taxweb (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2013-6285 | The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020. | [email protected] | 5.0 | 1.31% | 2013-10-28 | 2026-04-29 |
| CVE-2013-6020 | passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or (3) Treasurer application. | [email protected] | 5.8 | 1.14% | 2013-10-28 | 2026-04-29 |
| CVE-2013-6019 | Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component. | [email protected] | 4.3 | 1.01% | 2013-10-28 | 2026-04-29 |
| CVE-2013-6018 | Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password. | [email protected] | 6.8 | 0.62% | 2013-10-28 | 2026-04-29 |