Vendor
Dundas
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18569 | Hig | 0.56 | 8.6 | 0.01 | Feb 11, 2019 | The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as… | ||
| CVE-2020-28409 | Med | 0.35 | 5.4 | 0.01 | Nov 10, 2020 | The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur. | ||
| CVE-2020-28408 | Med | 0.35 | 5.4 | 0.01 | Nov 10, 2020 | The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard. |
- risk 0.56cvss 8.6epss 0.01
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as…
- risk 0.35cvss 5.4epss 0.01
The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur.
- risk 0.35cvss 5.4epss 0.01
The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard.