Vulnerabilities > Ocsinventory NG > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-04 | CVE-2023-3726 | Cross-site Scripting vulnerability in Ocsinventory-Ng Ocsinventory-Ocsreports 2.12.0 OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. | 6.9 |
| 2018-11-29 | CVE-2018-15537 | Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng Ocsinventory NG Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. | 6.5 |
| 2018-08-06 | CVE-2018-14857 | Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng OCS Inventory Server Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. | 6.5 |
| 2018-08-04 | CVE-2018-14473 | XXE vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1 OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. | 6.4 |
| 2018-08-04 | CVE-2018-12482 | SQL Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1 OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. | 6.5 |
| 2018-06-26 | CVE-2018-1000558 | SQL Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.3.1/2.4 OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. | 4.0 |
| 2018-06-26 | CVE-2018-1000557 | Cross-site Scripting vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4 OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. | 4.3 |
| 2014-07-07 | CVE-2014-4722 | Cross-Site Scripting vulnerability in Ocsinventory-Ng Ocsinventory NG Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2011-10-21 | CVE-2011-4024 | Cross-Site Scripting vulnerability in Ocsinventory-Ng OCS Inventory NG Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-05-06 | CVE-2010-1733 | SQL Injection vulnerability in Ocsinventory-Ng OCS Inventory NG 1.0/1.01/1.02 Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. | 6.8 |