2 matches found
CVE-2020-24984
CVE-2020-24984 affects Quadbase EspressReports ES 7 Update 9. A CSRF flaw could allow an attacker to trick an authenticated admin-level user into uploading malicious files to the web server. The connected documents confirm the vulnerability description across vendors (Red Hat, NVD, CVE list, PRIO...
CVE-2020-24983
CVE-2020-24983 affects Quadbase EspressReports ES 7 Update 9. A CSRF flaw allows an unauthenticated attacker to craft a malicious HTML file containing a POST to the DashboardBuilder that uses the victim’s admin session to rename a Dashboard, i.e., the attacker can trigger authenticated changes vi...