Skip to main content

Reports

3 CVEs product

Monthly

CVE-2024-29885 PHP MEDIUM PATCH This Month

silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Reports
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-39181 MEDIUM This Month

GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Reports
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2020-15865 CRITICAL POC Act Now

A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Reports
NVD
CVSS 3.1
9.8
EPSS
5.1%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Reports
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Reports
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Reports
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy