15 matches found
DEBIAN-CVE-2026-39951
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31...
CVE-2026-39951
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31...
CVE-2026-39951
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31...
CVE-2026-39951
CVE-2026-39951 affects Cacti versions 1.2.30 and earlier, exposing a Stored SQL Injection through graph_name_regexp in the Reports feature. The vulnerability is fixed in version 1.2.31. Public references confirm the issue and include a fix commit and security advisory link. No exploitation detail...
Angular template injection in Reports in Guardian/CMC before 26.1.0
Summary: An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. Impact: An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially...
CVE-2019-11678
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...
Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0
Summary: A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. Impact: An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineer...
EUVD-2018-11793
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the contact tracking and page hits report feature. An attacker can manipulate web content or hijack user sessions by injecting malicious scripts. Details: Cross-site scripting (or XSS) is a code vulnerabili...
A vulnerability in the reporting system of GLPI reports, related to improper handling of input data during the generation of web pages used in SQL commands, allows attackers to carry out XSS attacks.
The vulnerability in the GLPI reports plugin stems from improper neutralization of input data during the generation of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a specially crafted website...
ScienceLogic SL1 operating system command injection vulnerability
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A command execution vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from the Download and Convert Reports feature...
istio security update
istio 1.13.7-1 - Added Oracle specific files for 1.13.7-1 olcne 1.4.7-1 - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 1.4.6-2 - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printin...
CVE-2022-23320
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database...
CVE-2018-1155
In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue...
CVE-2018-1155
In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue...