12 matches found
EUVD-2019-19311
Malware in sbrugna...
EUVD-2019-19312
Malware in sbrugna...
CVE-2019-9957
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
CVE-2019-9958
CSRF within the admin panel in Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests...
Quadbase Systems EspressReport ES Cross-Site Scripting Vulnerability
Quadbase Systems EspressReport ES ERES is a centralized business intelligence reporting solution from Quadbase Systems, USA. A cross-site scripting vulnerability exists in Quadbase Systems ERES version 7.0 update 7. The vulnerability stems from a lack of proper validation of client-side data by t...
CVE-2019-9957
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
CVE-2019-9958
CSRF within the admin panel in Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests...
Cross site request forgery (csrf)
CSRF within the admin panel in Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests...
Cross site scripting
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
CVE-2019-9957
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
CVE-2019-9957
Quadbase EspressReport ES (ERES) v7.0 update 7 suffers a Stored XSS vulnerability: an attacker can store a payload by creating a new user with a malicious username, which can be triggered on the Set Security Levels or View User/Group Relationships pages. Exploitation requires permission to create...
CVE-2019-9958
CSRF within the admin panel in Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests...