Telerik Reporting@* Security Vulnerabilities and Issues — Telerik Reporting@* CVE List

Lucene search

ProgressTelerik Reporting*

14 matches found

CVE•added 2017/05/22 5:29 a.m.•63 views

CVE-2017-9140

Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.

6.1CVSS6.1AI score0.05518EPSS

CVE•added 2024/03/20 1:15 p.m.•55 views

CVE-2024-1856

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.

8.8CVSS8.7AI score0.00109EPSS

CVE•added 2024/03/20 1:15 p.m.•53 views

CVE-2024-1801

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.

7.8CVSS7.9AI score0.00014EPSS

CVE•added 2024/07/24 2:15 p.m.•53 views

CVE-2024-6096

In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.

9.8CVSS9AI score0.01416EPSS

CVE•added 2024/10/09 3:15 p.m.•50 views

CVE-2024-8014

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.

8.8CVSS9.1AI score0.02148EPSS

CVE•added 2024/10/09 3:15 p.m.•41 views

CVE-2024-7840

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.

7.8CVSS8.1AI score0.00255EPSS

CVE•added 2025/02/12 6:15 p.m.•40 views

CVE-2024-6097

In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.

5.3CVSS5AI score0.00035EPSS

CVE•added 2024/10/09 3:15 p.m.•38 views

CVE-2024-7293

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.

8.8CVSS7.7AI score0.00058EPSS

CVE•added 2024/01/31 4:15 p.m.•37 views

CVE-2024-0832

In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package t...

7.8CVSS7.5AI score0.00674EPSS

CVE•added 2024/10/09 3:15 p.m.•36 views

CVE-2024-7294

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.

7.5CVSS6.9AI score0.00103EPSS

CVE•added 2024/10/09 3:15 p.m.•33 views

CVE-2024-8048

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.

7.8CVSS8.2AI score0.00134EPSS

CVE•added 2024/05/15 5:15 p.m.•26 views

CVE-2024-4200

In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.

7.8CVSS7.1AI score0.00049EPSS

CVE•added 2024/05/15 5:15 p.m.•18 views

CVE-2024-4202

In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.

8.6CVSS7.2AI score0.00046EPSS

CVE•added 2024/05/15 5:15 p.m.•16 views

CVE-2024-4357

An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing.

6.5CVSS6.1AI score0.01136EPSS