Vulnerabilities > Ureport Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-28 | CVE-2023-48848 | Path Traversal vulnerability in Ureport Project Ureport 2.2.9 An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. | 7.5 |
| 2023-02-14 | CVE-2023-24187 | XXE vulnerability in Ureport Project Ureport 2.2.9 An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. | 7.8 |
| 2023-02-13 | CVE-2023-24188 | Path Traversal vulnerability in Ureport Project Ureport 2.2.9 ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. | 9.1 |
| 2021-09-15 | CVE-2020-21122 | Server-Side Request Forgery (SSRF) vulnerability in Ureport Project Ureport 2.2.9 UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. | 5.3 |
| 2021-09-15 | CVE-2020-21124 | Incorrect Authorization vulnerability in Ureport Project Ureport 2.2.9 UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. | 9.8 |
| 2021-09-15 | CVE-2020-21125 | Unspecified vulnerability in Ureport Project Ureport 2.2.9 An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code. | 9.8 |