Show filters
20 Total Results
Displaying 1-10 of 20
Sort by:
Attacker Value
Unknown

CVE-2023-48848

Disclosure Date: November 28, 2023 (last updated December 05, 2023)
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-24187

Disclosure Date: February 14, 2023 (last updated October 08, 2023)
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-24188

Disclosure Date: February 13, 2023 (last updated October 08, 2023)
ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-25220

Disclosure Date: March 03, 2022 (last updated October 07, 2023)
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-23052

Disclosure Date: March 03, 2022 (last updated October 07, 2023)
PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-23051

Disclosure Date: March 03, 2022 (last updated October 07, 2023)
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-21124

Disclosure Date: September 15, 2021 (last updated November 29, 2024)
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-21122

Disclosure Date: September 15, 2021 (last updated November 29, 2024)
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-21125

Disclosure Date: September 15, 2021 (last updated November 29, 2024)
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-21275

Disclosure Date: January 25, 2021 (last updated November 28, 2024)
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  Next >