Vulnerabilities > Eramba

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2023-36255 | Code Injection vulnerability in Eramba 3.19.1: An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL. | network, low complexity, eramba CWE-94, 8.8 |
| 2022-11-14 | CVE-2022-43342 | Cross-site Scripting vulnerability in Eramba C2.8.1: A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. | network, low complexity, eramba CWE-79, 5.4 |
| 2020-11-02 | CVE-2020-28031 | Injection vulnerability in Eramba 2.8.1: eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. | network, low complexity, eramba CWE-74, 4.0 |
| 2020-09-03 | CVE-2020-25105 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Eramba 2.19.3/2.8.1: eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities). | network, low complexity, eramba CWE-640, 5.0 |
| 2020-09-03 | CVE-2020-25104 | Cross-site Scripting vulnerability in Eramba 2.19.3/2.8.1: eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. | network, eramba CWE-79, 3.5 |
| 2018-03-09 | CVE-2018-7997 | Cross-site Scripting vulnerability in Eramba E1.0.6.033: Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript. | network, eramba CWE-79, 4.3 |
| 2018-03-09 | CVE-2018-7996 | Cross-site Scripting vulnerability in Eramba E1.0.6.033: Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter. | network, eramba CWE-79, 4.3 |
| 2018-03-09 | CVE-2018-7894 | Cross-site Scripting vulnerability in Eramba E1.0.6.033: Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advanced_filter parameter (aka the Search Parameter). | network, eramba CWE-79, 4.3 |
| 2018-03-07 | CVE-2018-7741 | Cross-site Scripting vulnerability in Eramba E1.0.6.033: Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI. | network, eramba CWE-79, 4.3 |