31 matches found
CVE-2026-42291
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
CVE-2026-44987 SysReptor: Privilege Escalation from User Admin to Superuser
SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...
CVE-2026-44987 SysReptor: Privilege Escalation from User Admin to Superuser
SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...
CVE-2026-42291 SysReptor: Read-write access to personal notes by sharing-link creation with no authorization in SysReptor Professional
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
CVE-2026-42291
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
CVE-2026-42291 SysReptor: Read-write access to personal notes by sharing-link creation with no authorization in SysReptor Professional
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
CVE-2026-42291
Summary (CVE-2026-42291) SysReptor (Professional/Community) exposes read/write access to users’ personal notes via un-authorized sharing-link creation. From version 2026.4 up to before 2026.27, authenticated attackers who know a victim’s note ID could list and create sharing links to that user’s ...
EUVD-2026-28848
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
SysReptor 安全漏洞
SysReptor is an open-source penetration testing report platform developed by Syslifters. Versions of SysReptor from 2026.4 to 2026.27 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization at the endpoints when reading and creating personal note-sharing link...
SysReptor 安全漏洞
SysReptor is an open-source penetration testing report platform developed by Syslifters. Versions of SysReptor prior to 2026.29 contained security vulnerabilities. These vulnerabilities stemmed from the ability of users with administrator privileges to change the email addresses of users with...
CVE-2025-66561
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting XSS vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...
CVE-2025-66561 SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS)
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting XSS vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...
CVE-2025-66561 SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS)
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting XSS vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...
Syslifters Sysreptor 跨站脚本漏洞
Syslifters Sysreptor is a penetration test reporting platform from Syslifters, Inc. A cross-site scripting vulnerability exists in Syslifters Sysreptor versions prior to 2025.102, which originates from an authenticated user being able to perform a stored cross-site scripting attack by uploading a...
PT-2025-49172
Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2025.102 Description A Stored Cross-Site Scripting XSS issue exists in SysReptor, a customizable pentest reporting platform. Authenticated users can execute malicious JavaScript code within the context of other...
EUVD-2024-35875
Malicious code in bioql PyPI...
CVE-2025-59945
SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...
CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users
SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...
CVE-2025-59945
Vulnerability summary (CVE-2025-59945): SysReptor (Syslifters) versions 2024.74 through 2025.82 allow authenticated, non-admin users to grant themselves the is_project_admin privilege, enabling reading, modifying, and deleting pentest projects they are not members of. This is mitigated in version...
CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users
SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...