Telerik Reporting
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9140 | Med | 0.40 | 6.1 | 0.10 | May 22, 2017 | Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to… | ||
| CVE-2024-6097 | 0.00 | — | 0.00 | Feb 12, 2025 | In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability. | |||
| CVE-2024-7840 | 0.00 | — | 0.01 | Oct 9, 2024 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||
| CVE-2024-8048 | 0.00 | — | 0.00 | Oct 9, 2024 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | |||
| CVE-2024-8014 | 0.00 | — | 0.01 | Oct 9, 2024 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | |||
| CVE-2024-6096 | 0.00 | — | 0.01 | Jul 24, 2024 | In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | |||
| CVE-2024-4200 | 0.00 | — | 0.00 | May 15, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | |||
| CVE-2024-4202 | 0.00 | — | 0.00 | May 15, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. | |||
| CVE-2024-1856 | 0.00 | — | 0.01 | Mar 20, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. | |||
| CVE-2024-1801 | 0.00 | — | 0.00 | Mar 20, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. |
- risk 0.40cvss 6.1epss 0.10
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to…
- CVE-2024-6097Feb 12, 2025risk 0.00cvss —epss 0.00
In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.
- CVE-2024-7840Oct 9, 2024risk 0.00cvss —epss 0.01
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
- CVE-2024-8048Oct 9, 2024risk 0.00cvss —epss 0.00
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.
- CVE-2024-8014Oct 9, 2024risk 0.00cvss —epss 0.01
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
- CVE-2024-6096Jul 24, 2024risk 0.00cvss —epss 0.01
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
- CVE-2024-4200May 15, 2024risk 0.00cvss —epss 0.00
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
- CVE-2024-4202May 15, 2024risk 0.00cvss —epss 0.00
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
- CVE-2024-1856Mar 20, 2024risk 0.00cvss —epss 0.01
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.
- CVE-2024-1801Mar 20, 2024risk 0.00cvss —epss 0.00
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.