48 matches found
Reflected XSS - Telerik Reporting Module
Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 11.0.17.406 allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. id:...
CVE-2026-8245 Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...
CVE-2024-46907
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account...
CVE-2024-46906
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account...
CVE-2024-46906 WhatsUp Gold GetSqlWhereClause SQL Injection Privilege Escalation Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account...
CVE-2024-46908 WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account...
PT-2024-32277 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.1 Description: A SQL Injection issue allows an authenticated low-privileged user, with at least Report Viewer permissions, to escalate privileges to the admin account. This issue can be exploited by a use...
MS09-062: Description of the security update for Microsoft Report Viewer 2008 Service Pack 1 Redistributable Package: October 13, 2009
MS09-062: Description of the security update for Microsoft Report Viewer 2008 Service Pack 1 Redistributable Package: October 13, 2009 INTRODUCTION Microsoft has released security bulletin MS09-062. To view the complete security bulletin, visit one of the following Microsoft Web sites: Home...
CVE-2019-11776
In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context...
Design/Logic Flaw
In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context...
CVE-2019-11776
The CVE-2019-11776 entry affects Eclipse BIRT Report Viewer (versions 1.0–4.7). The underlying issue is a reflected XSS in a URL parameter (notably the __format parameter in the Report Viewer) that allows an attacker to inject JavaScript executed in the victim’s browser context. This is caused by...
MS11-067: Description of the security update for Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package: August 9, 2011
MS11-067: Description of the security update for Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package: August 9, 2011 Introduction Microsoft has released security bulletin MS11-067. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...
CVE-2015-2165
Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9)...
CVE-2015-2165
CVE-2015-2165 covers multiple stored/reflected XSS flaws in Ericsson Drutt MSDP Report Viewer (versions 4.x–6.x). The vulnerabilities allow remote attackers to inject arbitrary script/HTML via a large set of parameters across various JSP pages (top-links.jsp, page-summary.jsp, service-summary.jsp...
Ericsson Drutt MSDP (Report Viewer) Cross Site Scripting
Ericsson Drutt MSDP Report Viewer - Cross Site Scripting Injection. Affected Product: Ericsson Drutt MSDP Report Viewer Vendor Homepage :...
How to install a standalone Veeam Report Viewer
Purpose You need to install a standalone Veeam Report Viewer to view offline reports. Solution There are several options to install Veeam Report Viewer: Veeam ONE ISO file : You can start Veeam Report Viewer setup from the ISO file: VeeamONE10.0.0.750.iso\Redistr\ReportViewer.msi. Veeam ONE...