Lucene search

K

Quadbase Security Vulnerabilities

cve
cve

CVE-2019-9957

Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload.....

5.4CVSS

6.4AI Score

0.001EPSS

2019-06-24 07:15 PM
26
cve
cve

CVE-2019-9958

CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their...

8.8CVSS

7.8AI Score

0.003EPSS

2019-06-24 07:15 PM
47
cve
cve

CVE-2020-24985

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or...

8.1CVSS

7.5AI Score

0.001EPSS

2021-03-15 06:15 PM
30
4
cve
cve

CVE-2020-24982

An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their...

4.3CVSS

7.1AI Score

0.001EPSS

2021-03-15 06:15 PM
31
cve
cve

CVE-2020-24983

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated....

8.8CVSS

7.2AI Score

0.001EPSS

2021-03-11 10:15 PM
23
5
cve
cve

CVE-2020-24984

An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web...

8.8CVSS

7.1AI Score

0.001EPSS

2021-03-11 10:15 PM
33
2