Lucene search
+L

98 matches found

OSV
OSV
added 2023/08/03 2:15 a.m.9 views

CVE-2023-36255

An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...

8.8CVSS6.2AI score0.57359EPSS
Exploits6References4
ATTACKERKB
ATTACKERKB
added 2023/08/03 2:15 a.m.5 views

CVE-2023-36255

An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...

8.8CVSS7.8AI score0.57359EPSS
Exploits6References6
Positive Technologies
Positive Technologies
added 2023/08/03 12:0 a.m.2 views

PT-2023-25497 · Eramba · Eramba

Name of the Vulnerable Software and Affected Versions: Eramba versions 3.19.1 Description: The issue allows a remote attacker to execute arbitrary code via the path parameter in the URL. This can be exploited by manipulating the URL to inject malicious code. Recommendations: For version 3.19.1, a...

8.8CVSS8.7AI score0.57359EPSS
Exploits6References7
Cvelist
Cvelist
added 2023/08/03 12:0 a.m.52 views

CVE-2023-36255

An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...

9.1AI score0.57359EPSS
Exploits6References3
Vulnrichment
Vulnrichment
added 2023/08/03 12:0 a.m.10 views

CVE-2023-36255

An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...

7.8AI score0.57359EPSS
Exploits6References3
CVE
CVE
added 2023/08/03 12:0 a.m.118 views

CVE-2023-36255

Eramba (Eramba GRC) up to version 3.19.1 is affected by an authenticated remote code execution vulnerability that can be triggered via the path parameter in the URL to the download-test-pdf endpoint. Public writeups and PoCs indicate an RCE in Eramba 3.19.1, with exploits and Metasploit modules r...

8.8CVSS8.8AI score0.57359EPSS
Exploits6References3Affected Software1
CNNVD
CNNVD
added 2023/08/01 12:0 a.m.6 views

Eramba Code Injection Vulnerability

Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program features IT security, compliance auditing and analysis, and more. Eramba version 3.19.1 suffers from a code injection vulnerability that originates in the Eramba web application that allows code...

8.8CVSS8.1AI score0.57359EPSS
Exploits6References6
0day.today
0day.today
added 2023/08/01 12:0 a.m.364 views

Eramba 3.19.1 Remote Command Execution Exploit

Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community edition Vendor: Eramba Limited,...

8.8CVSS7.1AI score0.57359EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/08/01 12:0 a.m.285 views

Eramba 3.19.1 Remote Command Execution

Trovent Security Advisory 2303-01 Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community...

7.1AI score0.57359EPSS
Exploits6
NVD
NVD
added 2022/11/14 4:15 p.m.23 views

CVE-2022-43342

A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...

5.4CVSS0.00485EPSS
Exploits1References2
OSV
OSV
added 2022/11/14 4:15 p.m.8 views

CVE-2022-43342

A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...

5.4CVSS5.9AI score0.00485EPSS
Exploits1References2
Prion
Prion
added 2022/11/14 4:15 p.m.16 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...

4.9CVSS5.3AI score0.00485EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.5 views

CVE-2022-43342

A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...

5.6AI score0.00485EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.5 views

Eramba 跨站脚本漏洞

Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program has features such as IT security, compliance auditing and analysis. A security vulnerability exists in Eramba GRC Software version c2.8.1, which stems from a KPI Title text field in its Add feature th...

5.4CVSS5.8AI score0.00485EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.38 views

CVE-2022-43342

A stored cross-site scripting XSS vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field...

5.4AI score0.00485EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.8 views

PT-2022-26859 · Unknown · Eramba Grc

Name of the Vulnerable Software and Affected Versions: Eramba GRC Software version c2.8.1 Description: A stored cross-site scripting XSS issue in the Add function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. This enables...

5.4CVSS6AI score0.00485EPSS
Exploits1References6
CVE
CVE
added 2022/11/14 12:0 a.m.69 views

CVE-2022-43342

CVE-2022-43342 describes a stored cross-site scripting (XSS) vulnerability in Eramba GRC Software version c2.8.1, exploitable via a crafted payload injected into the KPI Title field in the Add function. The CVE notes that attackers can execute arbitrary web scripts or HTML, with the impact limite...

5.4CVSS5.2AI score0.00485EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2020/11/02 9:15 p.m.22 views

CVE-2020-28031

eramba through c2.8.1 allows HTTP Host header injection with for example resultant wkhtml2pdf PDF printing by authenticated users...

4.3CVSS4.8AI score0.0062EPSS
Exploits0References2
OSV
OSV
added 2020/11/02 9:15 p.m.5 views

CVE-2020-28031

eramba through c2.8.1 allows HTTP Host header injection with for example resultant wkhtml2pdf PDF printing by authenticated users...

4.3CVSS5.8AI score0.0062EPSS
Exploits0References2
Prion
Prion
added 2020/11/02 9:15 p.m.15 views

Design/Logic Flaw

eramba through c2.8.1 allows HTTP Host header injection with for example resultant wkhtml2pdf PDF printing by authenticated users...

4CVSS4.9AI score0.0062EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder