Description
Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Stefan Friedli · text · webapps · php
https://www.exploit-db.com/exploits/29715
References (6)
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/461895/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2385
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22829
Various Sources x_refsource_misc
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2893
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24331
Various Sources x_refsource_misc
http://www.scip.ch/publikationen/advisories/scip_advisory-2893_eportfolio_%201.0_java_multiple_vulnerabilities.txt
Scores
EPSS
0.0264
EPSS Percentile
85.8%
Details
Status
published
Products (1)
tks_banking_solutions/eportfolio
1.0
Published
Mar 07, 2007
Tracked Since
Feb 18, 2026