2 matches found
CVE-2023-24187
An XML External Entity XXE vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...
CVE-2023-24187
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code by uploading a crafted XML file to /ureport/designer/saveReportFile. Root cause: lack of sanitization for external entities in the XML parsing. Impact: arbitrary code execution; local attack ve...