VYPR

Birt

by Eclipse

CVEs (4)

  • CVE-2021-34427 (Jun 25, 2021)
    risk 0.05 | cvss | epss 0.58

    In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.

  • CVE-2009-4521 (Dec 31, 2009)
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

  • CVE-2022-25370 (Sep 2, 2022)
    risk 0.00 | cvss | epss 0.02

    Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an…

  • CVE-2019-11776 (Aug 9, 2019)
    risk 0.00 | cvss | epss 0.01

    In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context.