
47 matches found

NVD
added 2019/06/24 7:15 p.m., 20 views

CVE-2019-9957

Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...

CVSS 5.4, AI score 5.5, EPSS 0.00821
Exploits: 1, References: 1

Prion
added 2019/06/24 7:15 p.m., 10 views

Cross site request forgery (csrf)

CSRF within the admin panel in Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests...

CVSS 6.8, AI score 8.8, EPSS 0.00777
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2019/06/24 7:15 p.m., 19 views

Cross site scripting

Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...

CVSS 3.5, AI score 5.6, EPSS 0.00821
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2019/06/24 6:14 p.m., 43 views

CVE-2019-9957

Quadbase EspressReport ES (ERES) v7.0 update 7 suffers a Stored XSS vulnerability: an attacker can store a payload by creating a new user with a malicious username, which can be triggered on the Set Security Levels or View User/Group Relationships pages. Exploitation requires permission to create...

CVSS 5.4, AI score 5.5, EPSS 0.00821
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2019/06/24 6:14 p.m., 22 views

CVE-2019-9957

Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...

AI score 5.5, EPSS 0.00821
Exploits: 1, References: 1

CVE
added 2019/06/24 6:10 p.m., 70 views

CVE-2019-9958

The CVE-2019-9958 entry affects Quadbase EspressReport ES (ERES) v7.0 update 7, where a CSRF flaw in the admin panel allows remote attackers to escalate privileges or create new admin accounts by coercing an authenticated admin’s session to perform unintended requests. The vulnerability arises fr...

CVSS 8.8, AI score 8.7, EPSS 0.00777
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2019/06/24 6:10 p.m., 21 views

CVE-2019-9958

CSRF within the admin panel in Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests...

AI score 8.8, EPSS 0.00777
Exploits: 1, References: 1