VYPR
Vendor

Quadbase

Products
2
CVEs
6
Across products
6
Status
Private

Products

2

Recent CVEs

6
  • CVE-2020-24984HigMar 11, 2021
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server.

  • CVE-2020-24983HigMar 11, 2021
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and…

  • CVE-2019-9958HigJun 24, 2019
    risk 0.57cvss 8.8epss 0.01

    CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests.

  • CVE-2020-24985HigMar 15, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads.

  • CVE-2019-9957MedJun 24, 2019
    risk 0.35cvss 5.4epss 0.01

    Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload.…

  • CVE-2020-24982MedMar 15, 2021
    risk 0.28cvss 4.3epss 0.00

    An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account.