20 matches found
EUVD-2018-10289
Malware in sbrugna...
EUVD-2020-20867
Malware in sbrugna...
EUVD-2020-20868
Malware in sbrugna...
CVE-2020-28408
The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard...
CVE-2020-28409
The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component e.g., a button when events such as click, hover, etc. occur...
Dundas BI server cross-site scripting vulnerability
Dundas BI server is a web-based server application. A cross-site scripting vulnerability exists in Dundas BI version 8.0.0.1001 and prior versions, which stems from allowing XSS attacks via HTML tags when creating or editing dashboards. No detailed vulnerability details are currently available...
CVE-2020-28409
The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component e.g., a button when events such as click, hover, etc. occur...
CVE-2020-28408
The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard...
CVE-2020-28409
The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component e.g., a button when events such as click, hover, etc. occur...
CVE-2020-28408
The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard...
Cross site scripting
The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard...
CVE-2020-28408
The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard...
CVE-2020-28408
Dundas BI server (version 8.0.0.1001 and prior) is affected by CVE-2020-28408 due to cross-site scripting via an HTML label when creating or editing a dashboard. The vulnerability is caused by XSS in the server-side handling of dashboard labels; impact details are described as an HTML-label based...
CVE-2020-28409
The CVE-2020-28409 entry describes a reflected/in-page XSS in Dundas BI up to version 8.0.0.1001, triggered by adding a UI Component (for example, a button) and subsequent events such as click or hover. The vulnerability affects Dundas BI’s server-side handling when these events occur, enabling s...
CVE-2020-28409
The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component e.g., a button when events such as click, hover, etc. occur...
CVE-2018-18569
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests with certain restrictions that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. Th...
CVE-2018-18569
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests with certain restrictions that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. Th...
Server side request forgery (ssrf)
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests with certain restrictions that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. Th...
CVE-2018-18569
The CVE-2018-18569 entry describes an SSRF vulnerability in Dundas BI server prior to 5.0.1.1010. By exploiting the viewUrl parameter of the “export the dashboard as an image” feature, an attacker can forge arbitrary requests and act on behalf of the attacker, potentially proxying requests to int...
CVE-2018-18569
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests with certain restrictions that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. Th...