89 matches found
Reflected XSS - Telerik Reporting Module
Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 11.0.17.406 allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. id:...
CVE-2026-8245
Concrete CMS 9.5.0 and earlier is vulnerable to a Reflected XSS in Legacy Pagination. The flaw occurs because Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating the $URL field into href, allowing an attacker to craft a URL that injects HTML into the link tag. An authenti...
CVE-2026-8245 Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...
CVE-2026-8245
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...
CVE-2026-8245 Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...
EUVD-2019-3444
Malware in sbrugna...
EUVD-2023-38837
Malicious code in bioql PyPI...
CVE-2023-34796
Cross site scripting XSS vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the orgname or domain values...
CVE-2024-46907
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user at least Report Viewer permissions required to achieve privilege escalation to the admin account...
CVE-2024-46908
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user at least Report Viewer permissions required to achieve privilege escalation to the admin account...
CVE-2024-46906
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user at least Report Viewer permissions required to achieve privilege escalation to the admin account...
CVE-2024-46906 WhatsUp Gold GetSqlWhereClause SQL Injection Privilege Escalation Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user at least Report Viewer permissions required to achieve privilege escalation to the admin account...
CVE-2024-46907 WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user at least Report Viewer permissions required to achieve privilege escalation to the admin account...
CVE-2024-46908 WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user at least Report Viewer permissions required to achieve privilege escalation to the admin account...
Progress Telerik Reporting <= 2024 Q3 (18.2.24.806) Multiple Vulnerabilities
The version of Progress Telerik Reporting installed on the remote Windows host is prior or equal to 2024 Q3 18.2.24.806. It is, therefore, affected by multiple vulnerabilities: - In Progress® Telerik® Reporting, versions 2024 Q3 18.2.24.806 or earlier, hyperlinks were permitted in the desktop...
PT-2024-32277 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.1 Description: A SQL Injection issue allows an authenticated low-privileged user, with at least Report Viewer permissions, to escalate privileges to the admin account. This issue can be exploited by a use...
CVE-2023-34796
Cross site scripting XSS vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the orgname or domain values...
CVE-2023-34796
Cross site scripting XSS vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the orgname or domain values...
CVE-2023-34796
Cross site scripting XSS vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the orgname or domain values...
Cross site scripting
Cross site scripting XSS vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the orgname or domain values...