RSS   Vulnerabilities for 'Expressdashboard'   RSS

2021-03-15
 
CVE-2020-24985

CWE-20
 

 
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads.

 
 
CVE-2020-24982

CWE-352
 

 
An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account.

 

 >>> Vendor: Quadbase 4 Products
Espressreport es
Espressreport enterprise server
Espressreports es
Expressdashboard


Copyright 2024, cxsecurity.com

 

Back to Top