Lucene search
+L

114 matches found

NVD
NVD
added 2026/03/07 2:16 a.m.5 views

CVE-2026-2431

The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datefrom' and 'dateto' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00223EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/07 1:21 a.m.1 views

CVE-2026-2431 CM Custom Reports <= 1.2.7 - Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters

The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datefrom' and 'dateto' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS5.9AI score0.00223EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.7 views

WordPress plugin CM Custom Reports 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.8AI score0.00223EPSS
Exploits0References4
CVE
CVE
added 2025/11/11 10:32 a.m.17 views

CVE-2025-7633

CVE-2025-7633 affects ManageEngine Exchange Reporter Plus (ZOHO) versions 5723 and below, with a Stored XSS in the Custom report feature. Connected sources corroborate the issue and indicate potential impact including unauthorized access via XSS, and several advisories recommend upgrading to a ve...

7.3CVSS5.7AI score0.00483EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.6 views

ZOHO ManageEngine Exchange reporter Plus 安全漏洞

ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine Exchange reporter Plus, which can be exploited by an attacker to create privileged accounts and gain...

7.3CVSS6AI score0.00483EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.9 views

PT-2025-46320

Name of the Vulnerable Software and Affected Versions ManageEngine Exchange Reporter Plus versions 5723 and below Description ManageEngine Exchange Reporter Plus versions 5723 and below are susceptible to a Stored Cross-Site Scripting XSS issue within the Custom report functionality. This allows...

7.3CVSS5.5AI score0.00483EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-31707

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00725EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-31710

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00609EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:34 a.m.11 views

CVE-2023-27984

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...

8.8CVSS7.6AI score0.00609EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:34 a.m.9 views

CVE-2023-27981

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and prior, IGSS...

8.8CVSS7.6AI score0.00725EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:28 a.m.5 views

CVE-2023-27977

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...

6.5CVSS6.8AI score0.00243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.22 views

CVE-2023-27982

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code...

8.8CVSS7.6AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.3 views

CVE-2023-27979

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affecte...

6.5CVSS6.7AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.5 views

CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...

8.8CVSS8AI score0.00881EPSS
Exploits0References1
NVD
NVD
added 2024/03/14 3:15 a.m.10 views

CVE-2024-25653

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

4.3CVSS6.5AI score0.00395EPSS
Exploits0References1
OSV
OSV
added 2024/03/14 3:15 a.m.7 views

CVE-2024-25653

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

4.3CVSS5.8AI score0.00395EPSS
Exploits0References1
Prion
Prion
added 2024/03/14 3:15 a.m.24 views

Improper access control

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

7.1AI score0.00395EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/14 12:0 a.m.12 views

CVE-2024-25653

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

6.8AI score0.00395EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/05/10 9:26 p.m.25 views

Pimcore Cross-site Scripting (XSS) in name field of Custom Reports

Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually:...

6.8CVSS6.4AI score0.00497EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/05/10 9:26 p.m.20 views

GHSA-M6M9-GR85-79VM Pimcore Cross-site Scripting (XSS) in name field of Custom Reports

Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually:...

6.8CVSS5.5AI score0.00497EPSS
Exploits1References5
Rows per page
Query Builder