eng spagobi の CVE(8 件)

CVE 件数: 8 CPE versions: View versions table

概要

本ページは eng spagobi に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。

表示中 18 / 8 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2024-54795 SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function. [email protected] 5.4 0.48% 2025-01-21 2026-06-17
CVE-2024-54794 The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. [email protected] 9.1 12.83% 2025-01-21 2026-06-17
CVE-2024-54792 A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in, like adding, editing or deleting users. [email protected] 6.1 0.27% 2025-01-21 2026-06-17
CVE-2013-6231 SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script [email protected] 8.8 9.88% 2020-01-10 2026-06-16
CVE-2013-6234 Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload." [email protected] 8.0 6.71% 2019-11-22 2026-06-16
CVE-2014-7296 The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document. [email protected] 6.8 1.70% 2014-10-08 2026-06-16
CVE-2013-6233 Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata." [email protected] 4.3 3.20% 2014-03-09 2026-06-16
CVE-2013-6232 Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page. [email protected] 3.5 3.65% 2014-03-09 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence