Filtered by vendor Ureport Project
Subscribe
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48848 | 1 Ureport Project | 1 Ureport | 2024-02-28 | N/A | 7.5 HIGH |
| An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. | |||||
| CVE-2023-24188 | 1 Ureport Project | 1 Ureport | 2024-02-28 | N/A | 9.1 CRITICAL |
| ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. | |||||
| CVE-2023-24187 | 1 Ureport Project | 1 Ureport | 2024-02-28 | N/A | 7.8 HIGH |
| An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. | |||||
| CVE-2020-21125 | 1 Ureport Project | 1 Ureport | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code. | |||||
| CVE-2020-21122 | 1 Ureport Project | 1 Ureport | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. | |||||
| CVE-2020-21124 | 1 Ureport Project | 1 Ureport | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. | |||||