VYPR

Telerik Reporting

by Progress (organisation)

CVEs (10)

  • CVE-2017-9140MedMay 22, 2017
    risk 0.40cvss 6.1epss 0.10

    Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to…

  • CVE-2024-6097Feb 12, 2025
    risk 0.00cvss epss 0.00

    In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.

  • CVE-2024-7840Oct 9, 2024
    risk 0.00cvss epss 0.01

    In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.

  • CVE-2024-8048Oct 9, 2024
    risk 0.00cvss epss 0.00

    In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.

  • CVE-2024-8014Oct 9, 2024
    risk 0.00cvss epss 0.01

    In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.

  • CVE-2024-6096Jul 24, 2024
    risk 0.00cvss epss 0.01

    In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.

  • CVE-2024-4200May 15, 2024
    risk 0.00cvss epss 0.00

    In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.

  • CVE-2024-4202May 15, 2024
    risk 0.00cvss epss 0.00

    In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.

  • CVE-2024-1856Mar 20, 2024
    risk 0.00cvss epss 0.01

    In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.

  • CVE-2024-1801Mar 20, 2024
    risk 0.00cvss epss 0.00

    In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.