ocsreports

CVEs (3)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2018-15537	Ocsinventory Ng ocsreports	—	0.02	Nov 29, 2018	Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
CVE-2018-1000557	Ocsinventory Ng Ocsinventory Server	—	0.00	Jun 26, 2018	OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. This attack appear to be…
CVE-2018-1000558	Ocsinventory Ng Ocsinventory Server	—	0.00	Jun 26, 2018	OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By…

CVE-2018-15537Nov 29, 2018
Ocsinventory Ng
ocsreports
risk 0.00cvss —epss 0.02
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
CVE-2018-1000557Jun 26, 2018
Ocsinventory Ng
Ocsinventory Server
risk 0.00cvss —epss 0.00
OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. This attack appear to be…
CVE-2018-1000558Jun 26, 2018
Ocsinventory Ng
Ocsinventory Server
risk 0.00cvss —epss 0.00
OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By…