templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true.
7AI Score
0.001EPSS
Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license.
7.1AI Score
0.038EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page.
6AI Score
0.004EPSS
Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request.
7.5AI Score
0.033EPSS