98 matches found
CVE-2023-36255
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...
CVE-2023-36255
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...
PT-2023-25497 · Eramba · Eramba
Name of the Vulnerable Software and Affected Versions: Eramba versions 3.19.1 Description: The issue allows a remote attacker to execute arbitrary code via the path parameter in the URL. This can be exploited by manipulating the URL to inject malicious code. Recommendations: For version 3.19.1, a...
CVE-2023-36255
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...
CVE-2023-36255
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...
CVE-2023-36255
Eramba (Eramba GRC) up to version 3.19.1 is affected by an authenticated remote code execution vulnerability that can be triggered via the path parameter in the URL to the download-test-pdf endpoint. Public writeups and PoCs indicate an RCE in Eramba 3.19.1, with exploits and Metasploit modules r...
Eramba Code Injection Vulnerability
Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program features IT security, compliance auditing and analysis, and more. Eramba version 3.19.1 suffers from a code injection vulnerability that originates in the Eramba web application that allows code...
Eramba 3.19.1 Remote Command Execution Exploit
Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community edition Vendor: Eramba Limited,...
Eramba 3.19.1 Remote Command Execution
Trovent Security Advisory 2303-01 Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community...
CVE-2022-43342
A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...
CVE-2022-43342
A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...
CVE-2022-43342
A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...
Eramba 跨站脚本漏洞
Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program has features such as IT security, compliance auditing and analysis. A security vulnerability exists in Eramba GRC Software version c2.8.1, which stems from a KPI Title text field in its Add feature th...
CVE-2022-43342
A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...
PT-2022-26859 · Unknown · Eramba Grc
Name of the Vulnerable Software and Affected Versions: Eramba GRC Software version c2.8.1 Description: A stored cross-site scripting XSS issue in the Add function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. This enables...
CVE-2022-43342
CVE-2022-43342 describes a stored cross-site scripting (XSS) vulnerability in Eramba GRC Software version c2.8.1, exploitable via a crafted payload injected into the KPI Title field in the Add function. The CVE notes that attackers can execute arbitrary web scripts or HTML, with the impact limite...
CVE-2020-28031
eramba through c2.8.1 allows HTTP Host header injection with for example resultant wkhtml2pdf PDF printing by authenticated users...
CVE-2020-28031
eramba through c2.8.1 allows HTTP Host header injection with for example resultant wkhtml2pdf PDF printing by authenticated users...
Design/Logic Flaw
eramba through c2.8.1 allows HTTP Host header injection with for example resultant wkhtml2pdf PDF printing by authenticated users...