2 matches found
CVE-2020-24982
CVE-2020-24982 concerns Quadbase ExpressDashboard (EDAB) 7 Update 9 and is described by Red Hat and other sources as a CSRF vulnerability. The issue enables an attacker to trick an authenticated user into changing the user’s email address, implying an authenticated session and user interaction re...
CVE-2020-24985
Quadbase EspressReports ES 7 Update 9 is affected. An authenticated user can alter the frmsrc parameter on the MenuPage to retrieve and execute external files or payloads, indicating an input handling/parameter manipulation vulnerability that enables potentially remote file execution within the a...