Sysreptor
by SysReptor
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44987 | Low | 0.18 | 3.8 | 0.00 | May 8, 2026 | SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled… | ||
| CVE-2025-66561 | 0.00 | — | 0.00 | Dec 4, 2025 | SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files… | |||
| CVE-2025-59945 | 0.00 | — | 0.00 | Sep 27, 2025 | SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting… | |||
| CVE-2024-36076 | 0.00 | — | 0.00 | May 19, 2024 | Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session. |
- risk 0.18cvss 3.8epss 0.00
SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled…
- CVE-2025-66561Dec 4, 2025risk 0.00cvss —epss 0.00
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files…
- CVE-2025-59945Sep 27, 2025risk 0.00cvss —epss 0.00
SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting…
- CVE-2024-36076May 19, 2024risk 0.00cvss —epss 0.00
Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session.