10 matches found
CVE-2026-34096 Guardian Language-System XSS via name Parameter in designer.php
Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...
CVE-2013-4611
Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving 1 the Online Designer page or 2 the Manage Survey Participants page...
GHSA-6Q3P-36F4-CWXV Server-Side Request Forgery in UReport
UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...
UReport Arbitrary Code Execution Vulnerability
UReport is a high-performance pure Java reporting engine based on the Spring architecture. The vulnerability stems from a lack of access control to the designer page. An attacker can exploit this vulnerability to execute arbitrary code...
UReport Server-Side Request Forgery Vulnerability
UReport is a high-performance pure Java reporting engine based on the Spring architecture. a server-side request forgery vulnerability exists in the designer page of UReport version 2.2.9. An attacker can use this vulnerability to detect intranet device ports...
CVE-2020-21122
UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...
Server side request forgery (ssrf)
UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...
CVE-2020-21124
The vulnerability CVE-2020-21124 affects UReport 2.2.9 (Java-based reporting engine). The root cause is a lack of access control on the designer page, enabling an attacker to execute arbitrary code. The sources describe this high-risk condition; no explicit remediation version is provided in the ...
UReport 代码问题漏洞
UReport is a high-performance pure Java reporting engine based on the Spring architecture. a server-side request forgery vulnerability exists in the designer page of UReport version 2.2.9. An attacker can use this vulnerability to detect intranet device ports...
UReport 代码注入漏洞
UReport is a high-performance pure Java reporting engine based on the Spring architecture. The vulnerability stems from a lack of access control to the designer page. An attacker can exploit this vulnerability to execute arbitrary code...