Filtered by vendor Quadbase
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24985 | 1 Quadbase | 1 Espressdashboard | 2022-07-12 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads. | |||||
| CVE-2020-24983 | 1 Quadbase | 1 Espressreports Es | 2021-03-19 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated request (to change the Dashboard name) as if the victim had done so themselves, aka CSRF. | |||||
| CVE-2020-24984 | 1 Quadbase | 1 Espressreports Es | 2021-03-18 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server. | |||||
| CVE-2019-9958 | 1 Quadbase | 1 Espressreport Enterprise Server | 2019-07-03 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests. | |||||