15 matches found
CVE-2025-40900
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...
CVE-2025-40900 Angular template injection in Reports in Guardian/CMC before 26.1.0
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...
CVE-2025-40900
CVE-2025-40900 describes an Angular template injection in the Reports functionality of Guardian/CMC prior to version 26.1.0. An authenticated user with report privileges can embed an Angular template payload in a malicious report, which executes in the victim’s browser during viewing/import, pote...
EUVD-2025-209892
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...
CVE-2025-40900 Angular template injection in Reports in Guardian/CMC before 26.1.0
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...
CVE-2025-40900
An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...
CVE-2025-12409
Looker Studio SQL injection via malicious report with native functions enabled could exfiltrate data from BigQuery. By delivering a report and having the victim open it, an attacker could execute injected SQL queries using the victim’s BigQuery permissions. Affects Looker Studio components involv...
CVE-2025-12409 SQL Injection in Looker Studio
A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute injected SQL queries with the victim's...
CVE-2023-27980
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...
GHSA-2R57-2MRH-GGJV ydata cross-site scripting
A cross-site scripting XSS vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser...
CVE-2024-37063
A cross-site scripting XSS vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser...
CVE-2023-27980
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...
MTN Group: Remote code execution via crafted pentaho report uploaded using default credentials for pentaho business server
A remote code execution vulnerability was discovered in Pentaho Business Analytics Server. By uploading a specially crafted Pentaho report file using default credentials, an attacker could achieve arbitrary code execution...
CVE-2022-23940
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the emailrecipients property. By using a crafted request, they can create a malicious report, containin...
CVE-2022-23940
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the emailrecipients property. By using a crafted request, they can create a malicious report, containin...