10 matches found
CVE-2026-34096 Guardian Language-System XSS via name Parameter in designer.php
Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...
CVE-2013-4611
Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving 1 the Online Designer page or 2 the Manage Survey Participants page...
GHSA-6Q3P-36F4-CWXV Server-Side Request Forgery in UReport
UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...
UReport Server-Side Request Forgery Vulnerability
UReport is a high-performance pure Java reporting engine based on the Spring architecture. a server-side request forgery vulnerability exists in the designer page of UReport version 2.2.9. An attacker can use this vulnerability to detect intranet device ports...
UReport Arbitrary Code Execution Vulnerability
UReport is a high-performance pure Java reporting engine based on the Spring architecture. The vulnerability stems from a lack of access control to the designer page. An attacker can exploit this vulnerability to execute arbitrary code...
CVE-2020-21122
UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...
Server side request forgery (ssrf)
UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...
CVE-2020-21124
The vulnerability CVE-2020-21124 affects UReport 2.2.9 (Java-based reporting engine). The root cause is a lack of access control on the designer page, enabling an attacker to execute arbitrary code. The sources describe this high-risk condition; no explicit remediation version is provided in the ...
UReport 代码问题漏洞
UReport is a high-performance pure Java reporting engine based on the Spring architecture. a server-side request forgery vulnerability exists in the designer page of UReport version 2.2.9. An attacker can use this vulnerability to detect intranet device ports...
UReport 代码注入漏洞
UReport is a high-performance pure Java reporting engine based on the Spring architecture. The vulnerability stems from a lack of access control to the designer page. An attacker can exploit this vulnerability to execute arbitrary code...