3 matches found
CVE-2019-14297
Veeam ONE Reporter 9.5.0.3201 is affected by a cross-site scripting vulnerability. The issue arises in the Add/Edit Widget functionality where a crafted value in the Caption field can impact setDashboardWidget in CommonDataHandlerReadOnly.ashx, indicating insufficient input validation/encoding in...
CVE-2019-14298
Veeam ONE Reporter 9.5.0.3201 is vulnerable to Cross‑Site Scripting (XSS) via a crafted Description(config) field in the addDashboard or editDashboard paths of CommonDataHandlerReadOnly.ashx. The issue is triggered when untrusted input is processed by the web UI, enabling execution of client-side...
CVE-2019-11569
Veeam ONE Reporter 9.5.0.3201 is affected by a Cross‑Site Request Forgery vulnerability in the web application, where requests are not adequately validated as coming from a trusted user. The CVE details show an exploitable CSRF path that can trigger unintended actions (example: deleteDashboard) v...