CVE-2019-9957
Quadbase EspressReport ES (ERES) v7.0 update 7 suffers a Stored XSS vulnerability: an attacker can store a payload by creating a new user with a malicious username, which can be triggered on the Set Security Levels or View User/Group Relationships pages. Exploitation requires permission to create...