60 matches found
CVE-2020-7572
A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server...
EUVD-2016-0432
Malware in sbrugna...
EUVD-2020-28695
Malware in sbrugna...
EUVD-2020-28696
Malware in sbrugna...
EUVD-2012-1847
Malware in sbrugna...
EUVD-2023-49995
Malicious code in bioql PyPI...
EUVD-2023-49994
Malicious code in bioql PyPI...
EUVD-2022-48770
Malicious code in bioql PyPI...
CVE-2022-45926
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports...
CVE-2020-7570
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to inject arbitrary web script or HTML due to incorrect...
CVE-2020-7571
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of use...
CVE-2024-8125
Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the...
CVE-2024-8125
CVE-2024-8125 affects OpenText Content Management (Extended ECM) with the WebReports module installed and enabled, versioned 10.0–24.4. The vulnerability is due to improper validation of a specified input type, enabling parameter injection that could lead to remote code execution. The exposure re...
PT-2025-3697 · Opentext · Opentext Content Management
Name of the Vulnerable Software and Affected Versions: OpenText Content Management Extended ECM versions 10.0 through 24.4 Description: The issue is related to improper validation of specified input types, allowing parameter injection. An actor with necessary privileges could exploit this to carr...
CVE-2023-45706
An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration...
CVE-2023-45705
An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options...
CVE-2023-45706
An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration...
CVE-2023-45705
HCL BigFix Platform (WebReports) is reported to be susceptible to Server Side Request Forgery (SSRF) via SMTP configuration options. The vulnerability is described as an issue where an administrative user can trigger SSRF through SMTP settings. There are no details in the provided documents about...
CVE-2023-45705 HCL BigFix Platform is susceptible to Server Side Request Forgery (SSRF)
An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options...
HCL BigFix Platform Security Vulnerability
HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL BigFix Platform that originates from ...