Agile Reporter
by Vermeg
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37828 | Med | 0.31 | 4.8 | 0.00 | Jun 17, 2024 | A stored cross-site scripting (XSS) in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast Message module. | ||
| CVE-2022-34832 | 0.00 | — | 0.00 | Oct 27, 2023 | An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component. | |||
| CVE-2022-34834 | 0.00 | — | 0.00 | Oct 27, 2023 | An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log. | |||
| CVE-2022-34833 | 0.00 | — | 0.00 | Oct 27, 2023 | An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component. |
- risk 0.31cvss 4.8epss 0.00
A stored cross-site scripting (XSS) in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast Message module.
- CVE-2022-34832Oct 27, 2023risk 0.00cvss —epss 0.00
An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component.
- CVE-2022-34834Oct 27, 2023risk 0.00cvss —epss 0.00
An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.
- CVE-2022-34833Oct 27, 2023risk 0.00cvss —epss 0.00
An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component.