Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability. The Change Password feature can be abused in order to modify the password of any user of the application.
b902e8c8533e18988a3d9cf1a301f95fdca312dbda532a060668f36b710b0b68
Financials by Coda versions prior to 2023Q4 suffer from a cross site scripting vulnerability.
34202068f860d76bf76919a5032aea9e7b1a4b4f23d207a20914dd51652a7504