Known Vulnerabilities for products from Sage
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Sage".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-67807 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2025-67806 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2025-67805 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2024-52384 | Not Provided | 2024-11-14 | 2026-04-01 | |
| CVE-2020-13893 | Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject ... | 5.4 - MEDIUM | 2020-10-18 | 2020-10-27 |
| CVE-2020-7390 | Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Na... | 5.4 - MEDIUM | 2021-07-22 | 2023-11-07 |
| CVE-2020-7389 | Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via... | 7.2 - HIGH | 2021-07-22 | 2022-07-15 |
| CVE-2020-7388 | Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authent... | 9.8 - CRITICAL | 2021-07-22 | 2021-08-09 |
| CVE-2020-7387 | Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component tha... | 5.3 - MEDIUM | 2021-07-22 | 2021-08-09 |
| CVE-2019-25053 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-01-27 | 2023-02-06 |
| CVE-2017-3183 | Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authentica... | 8.8 - HIGH | 2018-07-24 | 2019-10-09 |
| CVE-2007-0896 | Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote ... | 4.3 - MEDIUM | 2007-02-13 | 2017-07-29 |
| CVE-2006-4712 | Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HT... | 6.8 - MEDIUM | 2006-09-12 | 2018-10-17 |
| CVE-2006-4711 | Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via... | 4.3 - MEDIUM | 2006-09-12 | 2008-09-05 |
| CVE-2003-1243 | Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via th... | 4.3 - MEDIUM | 2003-12-31 | 2017-07-11 |
| CVE-2003-1242 | Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which ret... | 5 - MEDIUM | 2003-12-31 | 2008-09-05 |
Known software with vulnerabilities from Sage
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Sage | Easypay | 10.7.5.10 |
| Application | Sage | Sage Timesheet | 9.85.1 |
| Application | Sage | Xrt Treasury | 3.0 |