49 matches found
CVE-2022-45437 Stored cross-site scripting vulnerability in the reporting dashboard module
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload...
ZOHO ManageEngine ServiceDesk Plus Security Vulnerability
ZOHO ManageEngine ServiceDesk Plus (SDP) is ITIL-based IT service management software from the United States company ZOHO (ZhuoHao). The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management, and...
Vulnerability fixed in FortiManager and FortiAnalyzer
Fortinet has fixed a vulnerability in FortiManager and FortiAnalyzer. A malicious person with low privileges can exploit the vulnerability to perform a cross-site scripting attack via the reporting module. Such an attack can lead to the execution of arbitrary code in the context of th...
CVE-2022-27192
The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files...
Design/Logic Flaw
The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files...
PT-2022-18279 · Dvs · Dvs Avilys
Name of the Vulnerable Software and Affected Versions: DVS Avilys versions prior to 3.5.58 Description: The issue affects the Reporting module in the DVS Avilys document management system, allowing unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading...
ZOHO ManageEngine Desktop Central Remote Code Execution Vulnerability
ZOHO ManageEngine Desktop Central (DC) is a desktop management solution from ZOHO, Inc. The solution includes software distribution, patch management, system configuration, remote control, and other functional modules to support the entire lifecycle of desktop and server management. properly...
ZOHO ManageEngine Desktop Central Security Vulnerability
ZOHO ManageEngine Desktop Central (DC) is a desktop management solution from ZOHO, Inc. The solution includes software distribution, patch management, system configuration, remote control, and other functional modules to support the entire lifecycle of desktop and server management. properly...
Dalmark Systems Systeam SQL Injection Vulnerability
Dalmark Systems Systeam is an ERP system from Dalmark Systems in Brazil. Dalmark Systems Systeam has a security vulnerability that stems from the fact that the Systeam application is an ERP system that uses a hybrid architecture based on SaaS tenant and user management, as well as an on-premise...
CVE-2018-16145
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of...
Cross-site request forgery (CSRF)
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp...
CVE-2017-7990
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp...
CVE-2017-7990
The CVE-2017-7990 entry involves the OpenMRS Reporting Module 1.12.0, where a CSRF vulnerability can be abused to perform cross-site scripting. An attacker could hijack an administrative session to inject JavaScript into the name field in webapp/reports/manageReports.jsp, yielding XSS. The affect...
OpenMRS Reporting Module 0.9.7 RCE
Remote command execution vulnerability in OpenMRS Reporting Module Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
OpenMRS Reporting Module 0.9.7 - Remote Code Execution
Title: Unauthenticated remote code execution in OpenMRS Product: OpenMRS Vendor: OpenMRS Inc. Tested versions: See summary Status: Fixed by vendor Reported by: Brian D. Hysell Product description: OpenMRS is "the world's leading open source enterprise electronic medical record system platform."...
CVE-2013-1083
Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager aka IDM Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors...
Design/Logic Flaw
Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager aka IDM Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors...